Heads up, Mac users! Don’t fall for the free version of Little Snitch offered on various forums. In fact, this applies to any premium software offered for free. A new ransomware, ‘ThiefQuest’, is in the wild, targeting Mac devices via pirated software.
Reportedly, researcher Dinesh Devadoss caught new malware in the wild targeting Mac devices. Disclosing it in a tweet, the researcher stated that he found the malware impersonating the Google Software Update program.
However, further analyses of the malware revealed that this is not the only channel through which it spread. Rather, the malware (more precisely, ransomware), first named EvilQuest and then renamed ThiefQuest, actually spread through many sources.
According to Patrick Wardle’s analysis, he caught the malware sample packaged as a pirated copy of the popular music software ‘Mixed In Key’, whereas Thomas Reed of Malwarebytes found it packaged as a pirated version of Little Snitch, a macOS application firewall.
So, it seems the threat actors may have hidden the ThiefQuest ransomware in various fake apps for Mac devices.
In brief, the malware reaches the target device when the victim installs the fake app. Along with the legitimate installer, the package also downloads an executable file named ‘patch’ onto the device. This, in turn, launches the malware while establishing the infected device’s communication with the C&C server.