Hidden purpose of EvilQuest Mac ransomware is data exfiltration

Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several analysts now concur that EvilQuest’s malicious encryption may be more of a decoy, while the program’s true purpose appears to be data exfiltration.


In a new blog post this week, Thomas Reed, director of Mac and mobile at Malwarebytes, backed up an earlier conclusion by BleepingComputer that EvilQuest should be classified more as an information stealer and wiper that attempts to hide its data thievery through misdirection.


Mac security company Objective-See has similarly reported that the malware is more than meets the eye, and “far more powerful and insidious” than any “mundane ransomware.”


Multiple analyses of EvilQuest have found that aside from encrypting files, the malware includes capabilities for keylogging, in-memory code execution, anti-analysis techniques and