Mac users are now exposed to a new “ThiefQuest” ransomware that encrypts files and causes multiple problems for the operating system. Malwarebytes analyzed the ransomware today; it is being distributed through pirated macOS apps.
The malicious code was first found in a pirated copy of the Little Snitch app available on a Russian forum with torrent links. Unlike the original version, the downloaded app comes with a PKG installer file.
By examining this PKG file, Malwarebytes discovered that the app comes with a “postinstall script,” a script that is normally used to clean up after the installation has completed. In this case, however, the script installs the malware on macOS.
The script copies the malicious file into a folder related to the Little Snitch app under the name CrashReporter, so the user won’t notice it running in Activity Monitor, since macOS has a built-in process with a similar name. Its location is: /Library/LittleSnitchd/CrashReporter.
Malwarebytes notes that the ransomware waits some time after installation before it starts working, so the user won’t associate it with the most recently installed app. Once the malicious code is activated, it modifies system and user files using an encryption scheme that has not yet been identified.
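As an added example (not part of the article or Malwarebytes’ analysis), the following shell script shows how a user or admin can inspect an expanded .pkg for a postinstall script before installing it and check whether that script references the drop location the article names; the function names and the `pkgutil --expand` step are this example’s own.

```shell
#!/bin/sh
# Added example: inspect a macOS .pkg for a postinstall script and flag the
# dropped-file path the article reports. Helper names are assumptions.

# Path the article reports the malicious script is copied to.
IOC_PATH='/Library/LittleSnitchd/CrashReporter'

# Expand a .pkg into a directory with pkgutil (macOS only). On other systems
# point check_expanded_pkg at a tree that was already expanded elsewhere.
expand_pkg() {
  pkg="$1"; out="$2"
  command -v pkgutil >/dev/null 2>&1 || { echo "pkgutil not available" >&2; return 2; }
  pkgutil --expand "$pkg" "$out"
}

# Return 0 if a postinstall script references IOC_PATH, 1 if postinstall
# scripts exist but none reference it, 3 if no postinstall script is present.
check_expanded_pkg() {
  dir="$1"
  scripts=$(find "$dir" -type f -name postinstall 2>/dev/null)
  [ -n "$scripts" ] || { echo "no postinstall script found in $dir"; return 3; }
  for s in $scripts; do
    echo "postinstall script present: $s"
    if grep -q "$IOC_PATH" "$s"; then
      echo "  references $IOC_PATH (matches the behaviour described for ThiefQuest)"
      return 0
    fi
  done
  echo "  no reference to $IOC_PATH; review the script contents manually"
  return 1
}

# Return 0 if the reported drop path exists on this machine, 1 otherwise.
check_live_system() {
  if [ -e "$IOC_PATH" ]; then
    echo "$IOC_PATH exists on this system; investigate before trusting it"
    return 0
  fi
  echo "$IOC_PATH not present"
  return 1
}
```

Run `expand_pkg Installer.pkg /tmp/expanded && check_expanded_pkg /tmp/expanded` on a Mac; a postinstall script that writes into /Library is worth reading in full even when the reported path is not present.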
As part of the encryption, the Finder stops working properly and the system crashes constantly. Even the system’s Keychain gets corrupted, so it’s impossible to access passwords and certificates saved on the Mac. A message on the screen says the user must pay $50 to recover their files, otherwise everything will be deleted after three days.
There’s still no way to remove the malware after it has encrypted the files without formatting the entire disk, so users should keep an up-to-date backup of everything.
The best way of avoiding the consequences of ransomware is to maintain a good set of backups. Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)
Although the ransomware is only included with pirated apps for now, Apple must fix this security flaw as quickly as possible since this malicious code can be included in more apps distributed outside the App Store.
You can read more technical details about ThiefQuest on Malwarebytes’ website.
Update: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name is ThiefQuest.
Apple users have been targeted in a confirmed ransomware attack.
Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc told Reuters on Sunday.
Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp’s Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the “KeRanger” malware, which appeared on Friday, was the first functioning ransomware attacking Apple’s Mac computers.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Olson said in a telephone interview.
Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said in a blog post published on Sunday afternoon.
When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.
An Apple representative said the company had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. The representative declined to provide other details.
Transmission responded by removing the malicious version of its software from its website, http://www.transmissionbt.com. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs.
The website advised Transmission users to immediately install the new update, version 2.92, if they suspected they might be infected.
Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker’s server and start encrypting files so they cannot be accessed.
After encryption is completed, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said.
Olson, the Palo Alto threat intelligence director, said that victims whose machines were compromised but not cleaned up could start losing access to data on Monday, three days after the virus was loaded onto Transmission’s site.
Representatives with Transmission could not be reached for comment.