A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, new Mac ransomware spreads via piracy: OSX.EvilQuest
A new Mac ransomware is on the wild: it’s OSX.EvilQuest. The cyber security experts: It’s present in online forums-torrent sites linked to MacOS software. The malware incorporates a keylogger, a reverse shell and can empty cryptocurrency wallets
A new Mac ransomware is on the wild: it has been dubbed OSX.EvilQuest, and exploit piracy to spread. It has been discovered by K7 Computing cyber security expert Dinesh Devadoss and analyzed by Malwarebytes and Objective-See. Researchers found it in online forum and torrent web sites, hidden in different MacOS-based software installers. The installation program hosts a shell script that is executed to load the malware and then launch the program. Once activated, the malicious code starts encrypting the files on the targeted machine. Cybercrime incorporated some anti-analysis techniques, a keylogger and reverse shell. Furthermore, it can empty cryptocurrency wallets on infected workstations. Moreover, up to date, it’s not detected by the anti-virus.