EvilQuest ransomware targets Macs; Ransom X blamed for TxDOT attack

The crowded ransomware market is now home to three newly discovered players that recently gained the attention of security researchers and malware analysts — including one that targets Mac users and another blamed for a recent attack on the Texas Department of Transportation.


Dubbed OSX.EvilQuest, the Mac ransomware was observed being distributed on a Russian torrent link-sharing forum in the form of a downloadable disk image file. This file posed as an installer for the Little Snitch host-based application firewall.


Researchers from Objective-See and Malwarebytes have both reported on the threat [1, 2], with the former crediting K7 Computing researcher Dinesh Devadoss with first tweeting about an OSX.EvilQuest malware sample with a zero-percent anti-virus detection rate and a file name impersonating a Google Software Update program.


“It’s not every day that a new piece of ransomware is uncovered that targets macOS,” observed Patrick Wardle, founder of Objective-See, in his company’s blog post.


Another variant of the ransomware was found in a version of the popular DJ software Mixed In Key 8, an installer for which was also found in the trojanized installer distributed on the Russian forum. (Indeed, additional unseen program installers were likely also bundled within the installer package, Reed reported.)


The malware may have a few glitches to sort out, however, reported Thomas Reed, Malwarebytes’ director of Mac and mobile, in his own company blog post. For instance, while the malicious Little Snitch installer is supposed to actually deliver a genuine inst ..