Mac Ransomware

You don’t often associate ransomware with Macs and there haven’t been too many strains tailored specifically to infect Apple’s Mac computers since the first Mac ransomware was reported about four years ago.

Dinesh Devadoss, a malware researcher at the firm K7 Lab, published finding about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. (Researchers originally dubbed it EvilQuest, until they discovered the Steam game series of the same name.)

In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

Worth reading I think – see the full original article here