A new ransomware is targeting macOS users who download installers for popular apps via torrent files.
Known as EvilQuest, the attack was first spotted by Dinesh Devadoss, a K7 Lab malware researcher. Findings show that EvilQuest has been quite active since the start of June 2020. Malware lab firms, like Malwarebytes, have found the ransomware attached to pirated macOS software distributed mainly through torrent sites and warez forums.
EvilQuest asks victims to pay a ransom through the same static Bitcoin (BTC) address in every documented attack. One of the first signs that EvilQuest has deployed an attack is that MacOS Finder freezes. Once file encryption is complete, a text file is generated with ransom instructions.
Brett Callow, threat analyst and ransomware expert at malware lab, Emsisoft, believes that EvilQuest is unlikely to be anything other than a very small-scale threat:
“The fact that Macs have a relatively small market share means they’re not a particularly attractive target for ransomware groups and they’re unlikely to invest significant resources in targeting Mac users.”
Findings also show that the average ransom demanded by the attackers is $50 worth in BTC. Victims are usually given a deadline of 72 hours to pay.
“That said, a threat is a threat and it’s something Mac-users should be aware of. Thankfully, as this ransomware appears to be targeted exclusively via pirated software, it’s very easily avoided simply by not using pirated software. That holds true whether you’re a Mac user or a Windows user: pirated software and cracks are the primary distribution method for the types of ransomware that target home users.”