  • New ThiefQuest ransomware discovered targeting macOS users

    Posted by Alex5723 on the AskWoody Lounge


      • #2284159 Reply
        Alex5723
        AskWoody Plus

        ThiefQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts.

        Named OSX.ThiefQuest (or EvilQuest), this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, ThiefQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts.

        “Armed with these capabilities, the attacker can maintain full control over an infected host,” said Patrick Wardle, Principal Security Researcher at Jamf. This means that even if victims paid, the attacker would still have access to their computer and continue to steal files and keyboard strokes….

        Wardle, who has created several open-source macOS security tools, said that a tool he released in 2016, named RansomWhere, can detect and stop EvilQuest from running. Reed also said that Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

        https://www.zdnet.com/article/new-evilquest-ransomware-discovered-targeting-macos-users/

        2 users thanked author for this post.
      • #2284176 Reply
        Myst
        AskWoody Plus

        Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

        Will the free version of Malwarebytes be enough to take care of this ransomware? Or is this statement in reference to the premium version only?

        Win7 SP1 Home x64, MacOS / Chromebook

        1 user thanked author for this post.
      • #2284182 Reply
        Alex5723
        AskWoody Plus

        Will the free version of Malwarebytes be enough to take care of this ransomware?

        No.

        The free version doesn’t protect in real-time so manually scanning with the free version will be too late on an infected machine.

        The difference between free vs paid is real-time protection.

        Malwarebytes Free vs Premium

        3 users thanked author for this post.
        • #2284188 Reply
          Myst
          AskWoody Plus

          I just read up on it as you posted this. On demand scan only, with the free version, won’t cut it.

          Win7 SP1 Home x64, MacOS / Chromebook

      • #2284339 Reply
        OscarCP
        AskWoody Plus

        This is even worse than other ransomware, according to this excerpt from the same article:

        “Furthermore, researchers also noted that the ThiefQuest also doesn’t include a method through which victims could contact the ransomware authors, or a method through which the malware authors could track payments. This means that any victims who pay won’t likely receive a decryption key to recover their files, as there is no way for the ThiefQuest group to say who paid and who didn’t.”

        “All victims infected by this point should consider their data lost forever, unless researchers find a way to break the encryption and recover their files.”

        A possible reason could be, according to the same article, that this malware was developed as a form of spyware and then a low-end ransomware was tacked on to it. The black hats make money anyway and do not have to worry about sending keys to their victims, while they remain able to keep stealing information whenever the affected computer is being used.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        1 user thanked author for this post.
      • #2285470 Reply
        Nathan Parker
        AskWoody_MVP

        I have Malwarebytes Premium on my iMac Pro, and the free version on my older iMac.

        I’m wondering if some of the stuff from Objective See would also block this, and if so, which of their apps I should download.

        https://objective-see.com/products.html

        I might start with RansomWhere? on their list, and if there are any others I should install, I can try those as well.

        Thanks again!

        Nathan Parker

        1 user thanked author for this post.
      • #2285480 Reply
        OscarCP
        AskWoody Plus

        Nathan: RansomWhere, Oversight, Commandline Utilities look interesting. But they might not be compatible with more recent versions of macOS, because some tools (not these, but…) are said to be intended for use with “El Capitan”, several versions back. If you decided to try some of these, I shall be interested to know the results and your recommendations.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        2 users thanked author for this post.
      • #2285483 Reply
        Nathan Parker
        AskWoody_MVP

        Sounds good. I’m also asking a Mac User Group I have email access to if any of them use the tools and if so, which ones they recommend.

        Nathan Parker

      • #2286662 Reply
        bassmanzam
        AskWoody Plus

        Can we expect a Security Update? Or just wishful thinking?

      • #2286663 Reply
        Nathan Parker
        AskWoody_MVP

        I talked with the Mac User Group. They use BlockBlock and KnockKnock in addition to RansomWhere?.

        I’ve been trying RansomWhere?, and it seems to work well. It tells me even if legit apps are encrypting files so I can one-click allow them.

        Nathan Parker

        1 user thanked author for this post.
      • #2286681 Reply
        Alex5723
        AskWoody Plus

        Can we expect a Security Update? Or just wishful thinking?

        What security update? This isn’t an OS security bug. It is a user-behavior security bug. Use good A/V software and daily backups.

        2 users thanked author for this post.
      • #2286687 Reply
        Myst
        AskWoody Plus

        Just be careful what kind of software you download and make sure it’s from a trustworthy source. And a good A/V is a must have.

        Win7 SP1 Home x64, MacOS / Chromebook

        1 user thanked author for this post.