EvilQuest: New ransomware spreads through pirated Mac apps

According to a report by Malwarebytes, a new ransomware called EvilQuest is spreading through pirated Mac apps. The ransomware comes from a pirated version of the app Little Snitch. This pirated version of the app is available for download from a Russian forum.

According to Malwarebytes, it was clear right from the start that something was wrong with the app. The pirated app installs the real version of Little Snitch, but it also installs a patch into the /Users/Shared directory, along with a post-install script that infects the Mac.

This script then renames the patch to “CrashReporter”, which is the name of a legitimate Mac process. The patch file then installs itself into several directories on the Mac. The ransomware then affects data files and settings, and when the user accesses the iCloud Keychain it gives an error.

Malwarebytes reports that it also affected several apps and the Dock. However, the ransomware works poorly: it does not give specific instructions for paying the ransom. The screenshots suggest that it asks users to pay $50 to regain access to their files.
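A triage check for the artifacts described above, added here as an example and not taken from Malwarebytes or the original article: it lists executable binaries sitting under /Users/Shared and raises the severity when one carries the "CrashReporter" name. The function names and the "high"/"review" labels are assumptions made for this example.

```python
import os
import sys

# Mach-O and universal-binary magic values as they appear in the first 4 bytes on disk.
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),  # 32-bit
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),  # 64-bit
    bytes.fromhex("cafebabe"),  # universal; also Java class files, so review hits
}
# Process name the article says the dropped patch is renamed to.
MASQUERADE_NAMES = {"CrashReporter"}


def is_macho(path):
    """True if the file starts with a Mach-O or universal-binary magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False  # unreadable file: skip it


def scan(root="/Users/Shared"):
    """Return sorted (path, severity) pairs for each binary found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not is_macho(path):
                continue
            # A binary in a shared data directory is unusual on its own;
            # one named after a system process is worse.
            severity = "high" if name in MASQUERADE_NAMES else "review"
            findings.append((path, severity))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/Users/Shared"
    for path, severity in scan(target):
        print(f"[{severity}] {path}")
```

A hit is a lead for review, not a verdict: confirm it by checking the file's code signature and how it is launched.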