Cybersecurity researchers have discovered a new strain of ransomware called EvilQuest that is specifically targeting Apple macOS through pirated applications.
This is the second Mac malware discovered by K7 Computing, a global cybersecurity firm, after the file-less Trojan identified last December.
Ransomware threats encrypt the victim’s files and demand a ransom for decryption.
‘EvilQuest’ goes further and also installs a keylogger to record the user’s keystrokes, a reverse shell that allows the attacker to run custom commands, and will also steal files commonly used by cryptocurrency wallets, the company said in a statement on Friday.
EvilQuest demands $50 in Bitcoin to decrypt the files but even if the attackers decrypt the files on receipt of ransom, they retain the ability to steal the victim’s credentials and files through the other malware installed along with the ransomware.
“EvilQuest demonstrates that cyber-criminals rapidly evolve attacks on every platform. By bundling ransomware with other malware they create threats that remain malicious even after the ransom is paid, confirming the futility of paying ransom to cyber attackers,” said J Kesavardhanan, Founder and CEO of K7 Computing.
Apple was yet to comment on the report.
K7 Threat Labs was formed to be at the forefront of malware analysis and repeatedly discovering new attacks.
“The ongoing Covid-19 scenario has given rise to increased levels of cyber threats and hacks and new strains of malware are on the upswing,” said the researchers.