New Mac Ransomware Found in Pirated Mac Apps

There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in pirated download for the Little Snitch app found on a Russian forum.

evilquestransomalert
Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named "Patch" into the /Users/Shared directory and a post-install script for infecting a machine.

The installation script moves the Patch file into a new location and renames it CrashReporter, a legitimate macOS process, keeping it hidden in Activity Monitor. From there, the Patch file installs itself in several spots on the Mac.

The ransomware encrypts settings and data files on the Mac, like Keychain files, resulting in an error when attempting to access the iCloud Keychain. The Finder also malfunctioned after installation, and there were problems with the dock and other apps.

Malwarebytes found the ransomware to work poorly and was not able to get instructions on paying the ransom, but a screenshot found on the forums where the malicious software originated suggests it's meant to prompt users to pay $50 to recover access to their files. Note: anyone infected with this ransomware or any ransomware should not pay the fee, because it does not remove the malware.

Along with the ransom activity, the malware may also install a keylogger for monitoring keystrokes, but what the malware does with the functionality is unknown. Malwarebytes says that its software for Mac is able to remove the ransomware, detected as Ransom.OSX.EvilQuest. Encrypted files will require a restore from a backup, though.

Similar ransomware was found in other pirated apps, and Mac users can avoid it by staying away from pirated apps and untrustworthy websites and forums that offer illicit downloads.

Popular Stories

iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...
iPhone 14 Pro Display Two Times Brighter Feature

Every Display Upgrade Rumored for Apple's iPhone 17

Friday December 6, 2024 5:14 am PST by
Apple's next-generation iPhone 17 lineup may bring some of the most significant display improvements we've seen in recent years. While the iPhone 17 series isn't expected until late 2025, multiple rumors suggest Apple is working on substantial screen upgrades across its entire smartphone range. From enhanced refresh rates to advanced materials and improved power efficiency, these display...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
iCloud General Feature

Apple Defeats Lawsuit Related to iCloud's Measly 5GB of Free Storage

Friday December 6, 2024 7:43 am PST by
The U.S. Court of Appeals for the Ninth Circuit this week upheld a lower court's dismissal of a lawsuit alleging that Apple illegally deceived customers into paying for iCloud storage, according to a court filing. The decision was reported by Law360. The lawsuit alleged that Apple deceived customers into purchasing iCloud-enabled devices by misleading customers into believing that they can...
surface studio 4

Microsoft Discontinues iMac Rival Surface Studio 2+

Friday December 6, 2024 6:30 am PST by
Microsoft has discontinued its Surface Studio 2+, marking the end of the company's only direct competitor to Apple's iMac, leaving a gap in the Windows ecosystem for high-end all-in-one PCs. Microsoft has confirmed to Windows Central that it has ended production of the Surface Studio 2+, a premium all-in-one desktop designed for creative professionals. With remaining stock now limited to...
open ai logo

OpenAI Launches $200/Month ChatGPT Pro Plan

Thursday December 5, 2024 4:19 pm PST by
OpenAI today announced the launch of ChatGPT Pro, a $200 per month subscription service that provides unlimited access to OpenAI o1, the company's newest and most advanced large language model. The plan includes unlimited use of OpenAI o1, o1-mini, GPT-4o, and Advanced Voice, along with o1 pro mode, an o1 version that uses more compute to provide better answers to the hardest problems. In...

Top Rated Comments

Apple Macintosh 128K Avatar
58 months ago
Stick to legit apps from legit services and you'll be fine. Also keep an eye to make sure the apps are properly signed.

To have this happen you have to bypass macOS security and allow the non-signed installer run. It's like giving the keys to your house to some questionable person on the street and then being surprised when they take your stuff.
Score: 30 Votes (Like | Disagree)
icanhazmac Avatar
58 months ago
While more ransomware on Macs is not welcome pirates get what pirates get.
Score: 25 Votes (Like | Disagree)
swm Avatar
58 months ago
in any case, if this happens to you, a 2 step procedure will save the day:
- boot into internet recovery (can't be sure if the on-disk recovery data is compromised)
- reinstall from timecapsule
Score: 17 Votes (Like | Disagree)
Mr_Brightside_@ Avatar
58 months ago

Not to worry, this is what developers want apparently, rather than paying 30% to Apple.
I'm not sure you understand the situation fully...
Score: 17 Votes (Like | Disagree)
doboy Avatar
58 months ago
That's what you get for pirating apps.
Score: 16 Votes (Like | Disagree)
neoelectronaut Avatar
58 months ago
No sympathy for anyone that pirates software.
Score: 13 Votes (Like | Disagree)