ThiefQuest, initially called EvilQuest, is designed to encrypt files on compromised systems, but it also enables its operators to log keystrokes, steal files and take full control of the infected device. ThiefQuest was initially classified as ransomware, but a closer examination found that the criminals could not work out which victims had paid the ransom, leading researchers to conclude that the ransomware features were meant to mask the data theft activity.

ThiefQuest is delivered as trojanized installers for macOS applications such as the Ableton and Mixed In Key DJ apps and the Little Snitch firewall. When the malware is executed, it begins encrypting files located on the computer, after which it tells victims, through text files and a modal window, that their files have been encrypted and that a $50 ransom has to be paid in bitcoin to recover them.
However, as Bleeping Computer pointed out, all victims are given the same bitcoin address, and there is no way for a victim to get in touch with the attackers to let them know the ransom has been paid. In addition, Apple security expert Patrick Wardle found that the decryption routine is not called anywhere in the malware code, suggesting that it never gets executed. Malwarebytes researchers found that the malware does not always encrypt data, even though it appears to have done so, which further suggests that the ransomware capabilities are only a distraction.

SentinelOne has made a free decryptor available for Mac users whose files have been compromised by the malware. Researchers at the company studied ThiefQuest and found that its author had left the decryption function in the malware code. Once they were able to recover the key needed to decrypt the files, they used the malware's own decryption function to restore encrypted data.

ThiefQuest is designed to steal documents, images, source code, databases, encryption keys and cryptocurrency wallets from infected systems. Wardle's threat analysis found that it also looks for executable files and adds malicious code to those files. This would allow it to spread like a virus, which is highly rare for malware on Mac.

"The fact is that virtually (all?) recent examples of macOS malware are not computer viruses (by the conventional definition), since they don't attempt to replicate themselves locally. But OSX.EvilQuest does … making it a real computer virus for macOS!!" said Wardle.