EvilQuest ransomware also impersonates Google Software Update Program.
There are more than 100 million Mac users around the globe, and that figure alone makes Apple a lucrative target for hackers and cybercriminals. Malicious actors use malware and, in some cases, ransomware that steals vital information and data, encrypts it, and then demands a ransom payment in return.
Now a new data wiper and info-stealer called EvilQuest has been detected. It uses a decoy to infect the Mac operating system (macOS) and then encrypts user data.
This macOS ransomware was recently identified by Dinesh Devadoss, a malware researcher at K7 Labs. Devadoss tweeted that EvilQuest is delivered as a decoy that impersonates the Google Software Update program, with zero detections.
Devadoss also found that the EvilQuest malware has anti-debugging capabilities and can determine whether it is running on a virtual machine.
Besides this, the malware can spot commonly used security tools such as the Little Snitch firewall and anti-malware products like Norton. The malware then opens a reverse shell for communication, indicating that the attacker can maintain full control over the infected host.
Further analysis by Thomas Reed of Malwarebytes showed that the malware was found in pirated versions of macOS software that are commonly searched for and downloaded from popular torrent websites.
On closer examination, the pirated software acted as a decoy, with the malware wrapped up as legitimate software. Once installed, it infected the host via compressed installer files that bundled the original installers and uninstallers with a malicious patch binary and a post-install script, which served as the launch point for EvilQuest.
It’s worth noting that back in 2016, similar ransomware known as ‘KeRanger’ targeted Mac users in much the same way. In KeRanger’s case, the malware quietly infected macOS via a piece of BitTorrent software called Transmission. When Mac users downloaded the latest version of the torrent client, the ransomware installed undetected alongside it.
Downloading pirated software is questionable in itself, but the users who do so are also easy targets for hackers and cybercriminals alike.
How safe is your Mac?
A growing number of threats targeting macOS stem from random downloads or pirated installations. In other cases, users expect their MacBook to run buggy software, ignoring the fact that this could wreak havoc on their systems.
A previous report [PDF] from Malwarebytes stated that there was a whopping 400 percent spike in malware infections in 2019, indicating how vulnerable macOS is.
Recent malware attacks against Mac devices
The previously detected Shlayer malware was also used earlier this year, when a group of cybercriminals employed steganography to embed malicious code in advertisements and commonly seen popup windows.
That is not all: macOS Bundlore is another malware family previously known for displaying unsolicited advertisements on the devices it infected. Both Shlayer and Bundlore were found spreading through Google search results, indicating that the search engines we use so heavily and depend on more and more are not safe either.
How to protect your Mac devices from cyber attacks?
Since Mac devices are constantly under cyber attack, it is vital that users master the art of protecting their devices. Here are 10 simple tips to follow:
Use VPN software
Disable Remote Login
Use the two built-in firewalls
Disable automatic user login
Update your Mac OS X regularly
Remove the standalone Flash Player
Install reliable Mac anti-virus software
Set Gatekeeper to block digitally unsigned apps
Turn off Java and automatic downloads in the Safari browser
Don’t download pirated software or apps from third-party platforms
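Several of these settings can be audited from the Terminal. The script below is an added example and not part of the article; it assumes the standard macOS tools systemsetup, socketfilterfw, spctl and defaults and their current output formats, and it treats the sample strings in the comments as constructed.

```shell
#!/bin/sh
# Added example, not from the article: audit the macOS settings behind the
# tips above (remote login, application firewall, Gatekeeper, automatic login).
# parse_* turns each tool's output into ok / WEAK / unknown; audit_mac runs the
# real tools and needs an administrator shell (sudo) for systemsetup.

# `systemsetup -getremotelogin` prints "Remote Login: On" or "Remote Login: Off"
parse_remote_login() {
  case "$1" in
    "") echo unknown ;;
    *Off*) echo ok ;;
    *) echo WEAK ;;
  esac
}

# `/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate` prints
# "Firewall is enabled. (State = 1)" (2 = block all) or "... disabled. (State = 0)"
parse_firewall() {
  case "$1" in
    "") echo unknown ;;
    *"State = 1"*|*"State = 2"*) echo ok ;;
    *) echo WEAK ;;
  esac
}

# `spctl --status` prints "assessments enabled" when Gatekeeper is on
parse_gatekeeper() {
  case "$1" in
    "") echo unknown ;;
    *"assessments enabled"*) echo ok ;;
    *) echo WEAK ;;
  esac
}

# `defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser`
# prints the account name when automatic login is on and nothing when it is off
parse_auto_login() {
  if [ -z "$1" ]; then echo ok; else echo WEAK; fi
}

audit_mac() {
  echo "remote login : $(parse_remote_login "$(systemsetup -getremotelogin 2>/dev/null)")"
  echo "firewall     : $(parse_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)")"
  echo "gatekeeper   : $(parse_gatekeeper "$(spctl --status 2>/dev/null)")"
  echo "auto login   : $(parse_auto_login "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)")"
}

# Only run the live audit on macOS; the parsers work on any POSIX shell.
if [ "$(uname)" = Darwin ]; then audit_mac; fi
```

A WEAK result on any line points to the tip above that still needs to be applied; unknown means the tool could not be run (usually a missing sudo).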