  • New ThiefQuest ransomware discovered targeting macOS users


      • #2284159
        Alex5723
        AskWoody Plus

        ThiefQuest ransomware encrypts macOS systems but also installs a keylogger and a reverse shell for full control over infected hosts.

        Named OSX.ThiefQuest (or EvilQuest), this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, ThiefQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts.

“Armed with these capabilities, the attacker can maintain full control over an infected host,” said Patrick Wardle, Principal Security Researcher at Jamf. This means that even if victims paid, the attacker would still have access to their computer and continue to steal files and keyboard strokes….

        Wardle, who has created several open-source macOS security tools, said that a tool he released in 2016, named RansomWhere, can detect and stop EvilQuest from running. Reed also said that Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

        https://www.zdnet.com/article/new-evilquest-ransomware-discovered-targeting-macos-users/

      • #2284176
        Myst
        AskWoody Plus

        Malwarebytes for Mac was also updated to detect and stop this ransomware before it does any damage.

        Will the free version of Malwarebytes be enough to take care of this ransomware? Or is this statement in reference to the premium version only?

        Win7 Home x64 MacOS Chromebook

      • #2284182
        Alex5723
        AskWoody Plus

        Will the free version of Malwarebytes be enough to take care of this ransomware?

        No.

        The free version doesn’t protect in real-time so manually scanning with the free version will be too late on an infected machine.

        The difference between free vs paid is real-time protection.

        Malwarebytes Free vs Premium

        • #2284188
          Myst
          AskWoody Plus

          I just read up on it as you posted this. On demand scan only, with the free version, won’t cut it.

          Win7 Home x64 MacOS Chromebook

      • #2284339
        OscarCP
        AskWoody Plus

        This is even worse than other ransomware, according to this excerpt from the same article:

“Furthermore, researchers also noted that the ThiefQuest also doesn’t include a method through which victims could contact the ransomware authors, or a method through which the malware authors could track payments. This means that any victims who pay won’t likely receive a decryption key to recover their files, as there is no way for the ThiefQuest group to say who paid and who didn’t.”

“All victims infected by this point should consider their data lost forever, unless researchers find a way to break the encryption and recover their files.”

        A possible reason could be, according to the same article, that this malware was developed as a form of spyware and then a low-end ransomware was tacked on to it. The black hats make money anyway and do not have to worry about sending keys to their victims, while they remain able to keep stealing information whenever the affected computer is being used.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2285470
        Nathan Parker
        AskWoody_MVP

        I have Malwarebytes Premium on my iMac Pro, and the free version on my older iMac.

        I’m wondering if some of the stuff from Objective See would also block this, and if so, which of their apps I should download.

        https://objective-see.com/products.html

I might start with RansomWhere? on their list, and if there are any others I should install, I can try those as well.

        Thanks again!

        Nathan Parker

      • #2285480
        OscarCP
        AskWoody Plus

        Nathan: RansomWhere, Oversight, Commandline Utilities look interesting. But they might not be compatible with more recent versions of macOS, because some tools (not these, but…) are said to be intended for use with “El Capitan”, several versions back. If you decided to try some of these, I shall be interested to know the results and your recommendations.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2285483
        Nathan Parker
        AskWoody_MVP

        Sounds good. I’m also asking a Mac User Group I have email access to if any of them use the tools and if so, which ones they recommend.

        Nathan Parker

      • #2286662
        bassmanzam
        AskWoody Plus

        Can we expect a Security Update? Or just wishful thinking?

      • #2286663
        Nathan Parker
        AskWoody_MVP

I talked with the Mac User Group. They use BlockBlock and KnockKnock in addition to RansomWhere?.

I’ve been trying RansomWhere?, and it seems to work well. It tells me even if legit apps are encrypting files so I can one-click allow them.

        Nathan Parker

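The behaviour Nathan describes (being prompted whenever any process, legitimate or not, starts writing encrypted files) comes from a generic heuristic rather than from a signature for ThiefQuest: watch file-create events, judge whether the new content looks encrypted, and flag a process that produces several such files in quick succession. The script below is an added illustration of that idea written for this thread; it is not RansomWhere?'s own code, the event format, process names, file paths and thresholds are all constructed assumptions, and the sample events are made up rather than real telemetry.

```python
"""Entropy-based ransomware heuristic (illustrative example, not RansomWhere?'s code)."""
import math
import hashlib
from collections import defaultdict

# Formats that are high-entropy by design (compressed or already encrypted).
# Flagging these would be a false positive, so they are skipped up front.
KNOWN_COMPRESSED_MAGIC = (
    b"PK\x03\x04",            # zip, docx, xlsx
    b"\x1f\x8b",              # gzip
    b"\x89PNG\r\n\x1a\n",     # png
    b"\xff\xd8\xff",          # jpeg
    b"%PDF",                  # pdf (usually holds compressed streams)
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes, threshold: float = 7.5, min_size: int = 1024) -> bool:
    """True when the content is big enough to judge, is not a known compressed
    format, and its byte distribution is close to uniform (assumed thresholds)."""
    if len(data) < min_size:
        return False  # too little data for the statistic to mean anything
    if data.startswith(KNOWN_COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= threshold


def suspicious_processes(events, window_s: float = 10.0, min_files: int = 3) -> dict:
    """events: iterable of (t_seconds, pid, name, path, content) file-create events
    (assumed shape). Returns {pid: name} for every process that wrote at least
    min_files encrypted-looking files inside some window_s-second span."""
    per_pid = defaultdict(list)
    names = {}
    for t, pid, name, _path, content in events:
        names[pid] = name
        if looks_encrypted(content):
            per_pid[pid].append(t)
    flagged = {}
    for pid, times in per_pid.items():
        times.sort()
        # Slide a window of min_files consecutive timestamps over the list.
        for i in range(len(times) - min_files + 1):
            if times[i + min_files - 1] - times[i] <= window_s:
                flagged[pid] = names[pid]
                break
    return flagged


def _pseudo_random(seed: bytes, size: int) -> bytes:
    """Deterministic stand-in for ciphertext: a chain of SHA-256 digests."""
    out = bytearray()
    block = seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:size])


# Constructed sample events (made-up process names, pids and paths).
TEXT = b"Quarterly report: revenue grew modestly while costs stayed flat. " * 40
SAMPLE_EVENTS = [
    (0.0, 501, "TextEdit", "/Users/u/notes.txt", TEXT),
    (1.0, 777, "updater", "/Users/u/a.doc", _pseudo_random(b"a", 4096)),
    (1.5, 777, "updater", "/Users/u/b.xls", _pseudo_random(b"b", 4096)),
    (2.0, 777, "updater", "/Users/u/c.pdf", _pseudo_random(b"c", 4096)),
    (3.0, 900, "zip", "/Users/u/archive.zip", b"PK\x03\x04" + _pseudo_random(b"z", 4096)),
]

if __name__ == "__main__":
    for pid, name in suspicious_processes(SAMPLE_EVENTS).items():
        print(f"would prompt user: pid {pid} ({name}) is writing encrypted-looking files")
```

The two knobs that matter in practice are the magic-byte skip list and the per-process rate: without the first, every zip or photo export trips the alarm, and without the second, a single encrypted file (a password manager vault, a GPG export) would prompt the user constantly, which is exactly the "legit apps" case Nathan mentions having to one-click allow.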
      • #2286681
        Alex5723
        AskWoody Plus

        Can we expect a Security Update? Or just wishful thinking?

What security update? This isn’t an OS security bug. It is a user-behavior security bug. Use good A/V software and daily backups.

      • #2286687
        Myst
        AskWoody Plus

        Just be careful what kind of software you download and make sure it’s from a trustworthy source. And a good A/V is a must have.

        Win7 Home x64 MacOS Chromebook
