Pirated Mac Applications Could Contain ThiefQuest Ransomware

July 15, 2020

Written by wukovits

If you have one or more illegal copies of Apple software on your Mac, be aware that there’s a new threat to be concerned about.

An info-stealing, data wiping malware strain known as ThiefQuest has been found embedded in torrents of illicit software written for macOS.

While ThiefQuest isn’t as commonly seen as some other macOS malware like FileCoder, Patcher or KeRanger, it’s still common enough to stay on the alert for. That’s especially if you use any of the popular torrent sites to grab copies of your favorite software.

The malware strain was first spotted in the wild by Dinesh Devadoss, a security research for K7 Lab. It was analyzed by Thomas Reed, the Director of Mac and Mobile Services for Malwarebytes, legendary researcher Patrick Wardle, and Bleeping Computer’s Lawrence Abrams.

Based on the findings of these researchers, here’s what we know about ThiefQuest:

  • It has some advanced anti-detection capabilities, including the ability to check to see if it’s running on a virtual machine, and if so, it will terminate to avoid detection.
  • It installs a keylogger and opens a reverse shell on the infected machine,
  • It has the ability to check for some of the more commonly used security tools and antimalware solutions, including Kaspersky, Norton, McAffee, Bitdefender, Bullguard, DrWeb, and Avast)

Armed with these capabilities, the attacker can maintain full control over an infected host” Patrick Wardle noted.

Curiously, ThiefQuest seems almost picky in terms of what files it encrypts. There doesn’t appear to be a readily definable pattern, and this can cause a variety of issues on infected systems.

In any event, once it finishes encrypting whatever files it has selected, it will generate a text file named “READ_ME_NOW.txt” that includes ransom instructions. Victims are currently being asked to pay a $50 ransom in Bitcoin within 72 hours of the message being generated, which is a quite modest sum by modern ransomware standards.

Wardle and the other researchers note, however, that it could increase at any time. Beware of ThiefQuest. Although not the most dangerous malware strain out there, it’s certainly a legitimate threat.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.