New Mac Ransomware Found in Pirated Mac Apps
MacRumors | Tuesday June 30, 2020 11:44 am PDT | by Juli Clover
Posted on 07/03/2020 11:31:16 AM PDT by Swordmaker
There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in a pirated download of the Little Snitch app on a Russian forum.
Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named "Patch" into the /Users/Shared directory and a post-install script for infecting a machine.
The installation script moves the Patch file into a new location and renames it CrashReporter, a legitimate macOS process, keeping it hidden in Activity Monitor. From there, the Patch file installs itself in several spots on the Mac.
The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. The Finder also malfunctioned after installation, and there were problems with the dock and other apps.
Malwarebytes found the ransomware to work poorly and was not able to get instructions on paying the ransom, but a screenshot found on the forums where the malicious software originated suggests it's meant to prompt users to pay $50 to recover access to their files. Note: anyone infected with this ransomware or any ransomware should not pay the fee, because it does not remove the malware.
Along with the ransom activity, the malware may also install a keylogger for monitoring keystrokes, but what the malware does with the functionality is unknown. Malwarebytes says that its software for Mac is able to remove the ransomware, detected as Ransom.OSX.EvilQuest. Encrypted files will require a restore from a backup, though.
Similar ransomware was found in other pirated apps, and Mac users can avoid it by staying away from pirated apps and untrustworthy websites and forums that offer illicit downloads.
TOPICS: Business/Economy; Computers/Internet; Conspiracy
KEYWORDS: apple; applepinglist; mac; macmalware; macos; ransomware
Please note, this malware is not in any way really effective as it is poorly written. Keep good backups and you will not have to pay the ransom. Best is not to try to steal software in the first place. DO NOT PIRATE!
To: ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; AFreeBird; ...
A poorly executed, hard to install, form of Mac Ransomware has been discovered in a Pirated version of Little Snitch on a Russian download site. First of all, DON'T PIRATE SOFTWARE, as your first line of defense against this invasion of your computer. Second, have good backups. Third, Don't STEAL SOFTWARE! PING!
Apple Ransomware Found in Pirated Little Snitch Installer from Russian Pirate Website
PING!
If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.
2 posted on 07/03/2020 11:36:25 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: Swordmaker
Thieves complaining about being ripped off. Sort of like someone calling the cops to complain about being shorted in a drug deal.
3 posted on 07/03/2020 11:41:14 AM PDT by PAR35
To: Swordmaker
The malware author wants $50 for Little Snitch, which may be $25 from Objective Development.
BTW, both Objective Development products, Little Snitch & Launch Bar are top notch & worth the money.
4 posted on 07/03/2020 12:18:31 PM PDT by bobcat62
To: Swordmaker; Gamecock; SaveFerris; PROCON
Same thing happened with my Willard. Cost me ten extra bucks to get the seven key to work.
To: Swordmaker
So the only entity to benefit is Apple by discouraging pirating.
6 posted on 07/03/2020 12:49:00 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
"So the only entity to benefit is Apple by discouraging pirating"
Hmm...
7 posted on 07/03/2020 1:36:17 PM PDT by Company Man (THEDONALD.WIN is skyrocketing in Alexa rankings! Visit today!)
To: Moonman62
"So the only entity to benefit is Apple by discouraging pirating."
Really? How about the publishers of the pirated software? I assure you that the publisher of Little Snitch would benefit from their software not being pirated. You can't be that stupid.
8 posted on 07/03/2020 4:29:01 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: Swordmaker
Sorry to hurt your tender feelings.
9 posted on 07/03/2020 4:45:21 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
"Sorry to hurt your tender feelings."
Swordmaker is right on this one. Apple does not publish Little Snitch.
Don't be a doofus.
To: Moonman62
"Sorry to hurt your tender feelings."
You are not hurting me or my feelings. Apple does not publish this software, does not even recommend its use, so you've not shown anything except your abysmal ignorance.
11 posted on 07/03/2020 5:48:10 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: CurlyDave
You’re another one who is too sensitive.
12 posted on 07/03/2020 7:02:04 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Swordmaker
If I didn’t hurt your feelings, then you must be a jerk. Sorry for the mistake.
13 posted on 07/03/2020 7:03:12 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
"If I didn't hurt your feelings, then you must be a jerk. Sorry for the mistake."
Looks to me that the jerk here is you. You are the one making unsupported claims. I just corrected your idiotic claim which was based in your Apple Derangement Syndrome. You have no evidence for your assertion or you are advocating the theft of software. Which is it?
14 posted on 07/03/2020 8:05:22 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: Swordmaker
15 posted on 07/03/2020 8:32:12 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
So far you are proving you ARE that stupid. Keep it up. It's highly amusing. You haven't shown how this has ANYTHING to do with Apple's profits, since Apple doesn't publish Little Snitch, and I don't even think they promote users buying or installing it. In fact, Moonman62, Little Snitch is a free and safe download from its publisher. It's only dangerous if a user downloads it from a pirate source which does not support it like its publisher does. Would you be saying the same thing about an announcement about RANSOM WARE found in Microsoft specific pirate ware???? Apparently not. You are apparently an advocate for stealing software, cutting the authors out of their just rewards for creating it. If so, you are a reprehensible thief, willing to benefit from the work of others while not being willing to pay for it. Doesn't that make you an advocate of involuntary servitude to your desires, i.e., slavery? After all, they have to work for nothing so that YOU can have what YOU want for free! That makes you a hypocrite of the first order.
So, Moonman, which is it?
16 posted on 07/03/2020 8:51:47 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: Swordmaker
17 posted on 07/04/2020 10:10:47 AM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
Too bad you have zero ammunition to use on your target that has any impact. You can't drop anything factual. You are just dropping cotton balls. . . Ignorance on parade.
Being over the wrong target also gets you shot down in flames, especially when you are completely in the wrong, Moonbat.
18 posted on 07/04/2020 12:17:57 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)
To: Swordmaker
It’s funny.
I didn’t say you were wrong.
I said you were overly sensitive.
You denied it, but then you spent the next several hours proving that you are. I’d say you have anger issues, too.
19 posted on 07/04/2020 1:05:59 PM PDT by Moonman62 (http://www.freerepublic.com/~moonman62/)
To: Moonman62
Hours? You are delusional. I've spent no more than five minutes responding to your tripe, Moonbat. You're not worth even that. You are the invading troll in this thread, offering nothing of value, making worthless comments. Sensitivity has nothing to do with correcting idiocy.
20 posted on 07/04/2020 1:21:05 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigotu)