New EvilQuest ransomware hits Mac devices through pirated software

EvilQuest ransomware also impersonates Google Software Update Program.


There are more than 100 million Mac users around the globe, and that figure alone makes Apple a lucrative target for hackers and cybercriminals. Malicious actors use malware and, in some cases, ransomware that steals vital information and data, encrypts it, and then asks for a ransom payment in return.


Now, a new data wiper and info-stealer malware called EvilQuest has been detected that uses a decoy and then infects the Mac operating system (macOS), rendering user data.


This macOS ransomware was recently identified by Dinesh Devadoss, a malware researcher at K7 lab. Devadoss tweeted that the EvilQuest ransomware is a decoy that impersonates the Google Software Update program with zero detection.




Devadoss also discovered that the EvilQuest malware has anti-debug capabilities and can also determine if it is running on a virtual machine.

Besides this, the malware can also spot commonly used security tools such as the Little Snitch firewall and anti-malware solutions like Norton. The malware then opens a reverse shell for communication, indicating that the attacker can maintain full control over the infected host device.



Further analysis pursued by Thomas Reed of Malwarebytes