ThiefQuest, initially named EvilQuest, is designed to encrypt files on compromised systems, but it also enables its operators to log keystrokes, steal files and take broad control of the infected device. ThiefQuest was initially classified as ransomware, but a closer examination revealed that the attackers had no way to determine whether a victim had paid the ransom, leading researchers to conclude that the ransomware features were intended to disguise the data theft activity. ThiefQuest is added to macOS applications such as the Ableton and Mixed In Key DJ apps and the Little Snitch firewall, which are distributed as trojanized installers. When the malware is activated, it starts encrypting files located on the computer, after which it tells victims, through text files and a modal window, that their files have been encrypted and that a $50 ransom has to be paid in bitcoin to recover them.

However, as Bleeping Computer pointed out, all victims are given the same bitcoin address, and there is no way for a victim to get in contact with the attacker to let them know the ransom has been paid. In addition, Apple security expert Patrick Wardle found that the decryption routine is not called anywhere in the malware code, indicating that it never gets executed. Malwarebytes researchers found that the malware does not always encrypt data, even though it appears to have done so, which further suggests that the ransomware capabilities are just a distraction.

SentinelOne has provided a free decryption tool for Mac users whose files had been compromised by the malware. Researchers at the company studied ThiefQuest and found that its author had left the decryption function in the malware code. Once they were able to recover the key needed to decrypt the files, they used the malware's own decryption function to restore the encrypted data.

ThiefQuest is designed to steal documents, images, source code, databases, encryption keys and cryptocurrency wallets from infected systems. Wardle's threat analysis revealed that it also looks for executable files and adds malicious code to those files. This would allow it to spread like a virus, which is extremely rare for malware on Mac. "The fact is that most (all?) recent examples of macOS malware are not computer viruses (by the formal definition), since they don't seek to replicate themselves locally. But OSX.EvilQuest does … making it a true computer virus for macOS!!" said Wardle.