New Mac Ransomware Found in Pirated Mac Apps

There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in pirated download for the Little Snitch app found on a Russian forum.

evilquestransomalert
Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named "Patch" into the /Users/Shared directory and a post-install script for infecting a machine.

The installation script moves the Patch file into a new location and renames it CrashReporter, a legitimate macOS process, keeping it hidden in Activity Monitor. From there, the Patch file installs itself in several spots on the Mac.

The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. The Finder also malfunctioned after installation, and there were problems with the dock and other apps.

Malwarebytes found the ransomware to work poorly and was not able to get instructions on paying the ransom, but a screenshot found on the forums where the malicious software originated suggests it's meant to prompt users to pay $50 to recover access to their files. Note: anyone infected with this ransomware or any ransomware should not pay the fee, because it does not remove the malware.

Along with the ransom activity, the malware may also install a keylogger for monitoring keystrokes, but what the malware does with the functionality is unknown. Malwarebytes says that its software for Mac is able to remove the ransomware, detected as Ransom.OSX.EvilQuest. Encrypted files will require a restore from a backup, though.

Similar ransomware was found in other pirated apps, and Mac users can avoid it by staying away from pirated apps and untrustworthy websites and forums that offer illicit downloads.

Top Rated Comments

Apple Macintosh 128K Avatar
29 months ago
Stick to legit apps from legit services and you'll be fine. Also keep an eye to make sure the apps are properly signed.

To have this happen you have to bypass macOS security and allow the non-signed installer run. It's like giving the keys to your house to some questionable person on the street and then being surprised when they take your stuff.
Score: 30 Votes (Like | Disagree)
icanhazmac Avatar
29 months ago
While more ransomware on Macs is not welcome pirates get what pirates get.
Score: 25 Votes (Like | Disagree)
swm Avatar
29 months ago
in any case, if this happens to you, a 2 step procedure will save the day:
- boot into internet recovery (can't be sure if the on-disk recovery data is compromised)
- reinstall from timecapsule
Score: 17 Votes (Like | Disagree)
Mr_Brightside_@ Avatar
29 months ago

Not to worry, this is what developers want apparently, rather than paying 30% to Apple.
I'm not sure you understand the situation fully...
Score: 17 Votes (Like | Disagree)
doboy Avatar
29 months ago
That's what you get for pirating apps.
Score: 16 Votes (Like | Disagree)
neoelectronaut Avatar
29 months ago
No sympathy for anyone that pirates software.
Score: 13 Votes (Like | Disagree)

Popular Stories

apple watch ultra deuglify 1

Apple Watch Ultra User Mods Titanium Casing to 'Deuglify' Design

Tuesday September 27, 2022 8:05 am PDT by
An Apple Watch Ultra user has modified their new device's casing to add a brushed finish and remove the orange color of the Action Button in an effort to make it more visually appealing. The Apple Watch Ultra offers the first complete redesign of the Apple Watch since the product line's announcement in 2014, and while the design has been met with praise from many users, some have criticized...
Dark Sky App Featured

Dark Sky Removed From iOS App Store Ahead of Upcoming Shutdown

Wednesday September 28, 2022 4:27 pm PDT by
The Dark Sky weather app that's owned by Apple is no longer available for download in the U.S. App Store, suggesting that it has been removed ahead of schedule. Apple acquired Dark Sky back in March 2020 and has since incorporated elements of the app into the Weather app available on the iPhone (and soon, the iPad). Dark Sky remained available for purchase as a standalone weather app...
iphone 14 pro max vs 13 max 2

Camera Comparison: iPhone 14 Pro Max vs. iPhone 13 Pro Max

Thursday September 29, 2022 7:44 am PDT by
The iPhone 14 Pro and Pro Max introduce some major improvements in camera technology, adding a 48-megapixel lens and low-light improvements across all lenses with the new Photonic Engine. We've spent the last week working on an in-depth comparison that pits the new iPhone 14 Pro Max against the prior-generation iPhone 13 Pro Max to see just how much better the iPhone 14 Pro Max can be. Subscrib ...
apple watch ultra hammer test

YouTuber Tests Apple Watch Ultra Durability With a Hammer: Table Breaks Before the Watch

Sunday September 25, 2022 2:27 pm PDT by
A YouTuber has put Apple's claims for the durability of the Apple Watch Ultra to the test by putting it up against a drop test, a jar of nails, and repeated hits with a hammer to test the sapphire crystal protecting the display. TechRax, a channel popular for testing the durability of products, first tested the Apple Watch Ultra by dropping it from around four feet high. The Apple Watch...
tony blevins car

Apple Procurement VP Departs Company After Vulgar TikTok Comment

Thursday September 29, 2022 12:38 pm PDT by
Tony Blevins, Apple's vice president of procurement, is set to depart the company after he made a crude comment about his profession in a recent TikTok video, reports Bloomberg. Blevins was in a video by TikTok creator Daniel Mac, who was doing a series on the jobs of people he spotted with expensive cars. After seeing Blevins in an expensive Mercedes-Benz SLR McLaren, Mac asked Blevins what ...
iPhone 14 Pros in Hand Black Background Feature

Verizon iPhone 14 Pro Customers Reporting Cellular Connection Issues

Monday September 26, 2022 6:23 am PDT by
iPhone 14 Pro customers on the Verizon network in the U.S. are reporting issues with slow and unreliable 5G cellular connections and calls randomly dropping. Several threads on Reddit (1,2,3) and the MacRumors forums chronicle issues faced by Verizon customers and Apple's latest iPhone. According to user reports, signal strength on the iPhone 14 Pro is unreliable and weak, while other...
iPhone 15 to Switch From Lightning to USB C in 2023 feature sans arrow

Kuo: iPhone 14 Pro Max Popularity Could Lead to More Differentiation Between iPhone 15 Pro and iPhone 15 Pro Max

Wednesday September 28, 2022 10:22 am PDT by
Apple has seen high demand for the 6.7-inch iPhone 14 Pro Max, which could lead the company to further differentiate the next-generation iPhone 15 Pro and Pro Max, according to Apple analyst Ming-Chi Kuo. Apple could add exclusive features to the iPhone 15 Pro Max in an effort to encourage more people to purchase the larger and more expensive device. Kuo last week said that Apple asked...
iPhone 14 Pro Sports Scores Dynamic Island

iPhone 14 Pro Features Live Sports Scores in Dynamic Island on iOS 16.1

Monday September 26, 2022 7:52 am PDT by
Earlier this month, Apple announced that iOS 16.1 will enable a new Live Activities feature that allows iPhone users to stay on top of things that are happening in real time, such as a sports game or a food delivery order, right from the Lock Screen. On the iPhone 14 Pro and Pro Max, Live Activities also integrate with the Dynamic Island. Premier League match in Dynamic Island via Paul Bradford ...
iOS 16

Everything New in the Latest iOS 16.1 and iPadOS 16.1 Betas: Stage Manager Expansion, Wallpaper Tweaks and More

Tuesday September 27, 2022 11:36 am PDT by
Apple today released new betas of iOS 16.1 and iPadOS 16.1 to developers, tweaking some of the functionality that's been introduced in prior betas and in the case of iPadOS 16.1, adding a major new feature to Stage Manager. We've rounded up everything new in both betas below. Wallpaper Updates Apple has updated the Wallpaper section of the Settings app to allow users to swap between...
General iOS 16 Feature Yellow

Some iOS 16 Users Continue to Face Unaddressed Bugs and Battery Drain Two Weeks After Launch

Monday September 26, 2022 7:34 am PDT by
Today marks exactly two weeks since Apple released iOS 16 to the public. Besides the personalized Lock Screen, major changes in Messages, and new features in Maps, the update has also seen its fair share of bugs, performance problems, battery drain, and more. After major iOS updates, it's normal for some users to report having issues with the new update, but such reports usually subside in...