New Ransomware ‘OSX.EvilQuest’ Found in Pirated Mac Software

1 minute read
| News

A new piece of macOS ransomware has been spotted in the wild pretending to be a Google Software Update app. Thomas Reed from Malwarebytes says it has been found in pirated versions of “popular macOS software.”


Mr. Reed found it inside a pirated Mac tool called Little Snitch. Another one was found in DJ software Mixed In Key 8, which is what Objective-See covered. The latter installer was unsigned. This is good so far, because it means you won’t be automatically infected (at least with this sample).

This message will appear once your files have been encrypted

Credit: Objective-See. This message will appear once your files have been encrypted

Not only does OSX.EvilQuest encrypt the machine’s files, it also installs a keylogger to monitor what you type, and steals cryptocurrency wallet files if they are present on the system. Even if you paid the ransom, the attackers could still wreak havoc.

Mr. Reed said that Malwarebytes has been updated to detect and stop OSX.EvilQuest. Objective-See also has a ransomware detection tool.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments

I’d really like if TMO reviewed and compared Ransomeware packages.