A new type of Mac ransomware is targeting users, and it can collect passwords and credit card information, among other data.
The new Mac ransomware is called ThiefQuest. Some security experts refer to it as the EvilQuest malware. Regardless of the name, the malware opens some serious vulnerabilities on the Mac operating system.
This new strain of malware is specifically designed to target Mac devices. This is the first time that a piece of malware specifically targets a particular platform. Most malware is designed to work on all platforms, but ThiefQuest has a specific target, and that is the Mac platform.
A plethora of malware
Based on cybersecurity reports, ThiefQuest contains multiple payloads. The malware contains several spyware utilities that are capable of stealing user information. The malware targets system passwords, financial information, and credit card numbers.
One of the most unnerving features of the ThiefQuest malware is its ability to stay hidden. Once it propagates into its target system, the malware can stay virtually undetected. This allows the malware to propagate into its target device without raising suspicion.
Once the malware gets into its target, it launches its payload after the user reboots the device. This is what experts call a “second stage” attack. Since Mac ransomware is very rare, this new attack approach is very effective.
Jamf security researcher Patrick Wardle said:
“Looking at the code, if you split the ransomware logic from all the other backdoor logic the two pieces completely make sense as individual malware.”
Defense mechanism against malware
While ThiefQuest is a noteworthy piece of malware, experts believe that it will not reach the mainstream population. The malware uses social engineering to fool users into downloading its payload. Experts believe that as long as users stay away from these malicious platforms, they will be safe.
Security experts noted that the primary delivery platform of the new Mac ransomware is torrents. This means that if users stay away from downloading through torrents, they are relatively safe.
Experts also advise that users should only download applications from legitimate platforms. Aside from the Apple App Store, Apple also provides certification to legitimate software providers. Users should always consider the legitimacy of the applications that they install on their devices.
Considering its payload and infection strategy, ThiefQuest is a notable Mac ransomware. Nevertheless, the malware still relies heavily on social engineering. Cybersecurity experts believe that as long as users use legitimate Apple platforms, they will be spared from the malware.