Print this page
Published in News

New Mac ransomware is super smug

by on03 July 2020

Users just can’t believe it is happening to them

While the writers of ransomware tend to leave Apple Macs alone due to the fact they have no need to threaten someone’s Coldplay collection, a new example has just appeared and appears to be gaining some traction.

Dinesh Devadoss, a malware researcher at the firm K7 Lab, found the malware and which he called  ThiefQuest and it really does show up Apple’s faith-based security.

ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.

The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage" attacks.

The Tame Apple Press has done its best to play down the threat of the malware.  It claims that Apple fanboys are perfectly safe unless they download pirated software which has not been official blessed by Apple.

Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton.

K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program".

For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Jobs’ Mob to run it.


Last modified on 04 July 2020
Rate this item
(1 Vote)