Security researchers discovered a new ransomware strain targeting macOS users this week. Named OSX.EvilQuest, it differs from previous macOS ransomware threats because, besides encrypting the victim’s files, EvilQuest also installs a keylogger and a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. “Armed with these capabilities, the attacker can maintain full control over an infected host,” said Patrick Wardle, Principal Security Researcher at Jamf. This means that even if victims paid, the attacker would still have access to their computer and could continue to steal files and keystrokes.

 

Full story here: https://www.zdnet.com/article/new-evilquest-ransomware-discovered-targeting-macos-users/

James McQuiggan, Security Awareness Advocate
InfoSec Expert
July 1, 2020 10:21 am

It was only a matter of time before ransomware targeting Mac OS X became available in the wild, and it’s not a simple ransomware attack. Not only will the attack make your data unavailable, but it also contains other malware to steal credentials and other remote access functionality.
For years, the Mac OS has provided a secure and private system for its end users. Cybercriminals are taking advantage of access to the system to enable the keyloggers to capture user credentials and passwords, which may not be evident via other attack methods.

If this ransomware or any other ransomware impacts users, it is critical to format the system after recovering the data to avoid additional infections. With the data recovered either from backup or paying the ransom, it may provide a false sense of relief that the encryption is gone. However, cybercriminals may leave additional files undetectable by anti-malware systems and could result in further unauthorized access or data theft.

End users and organizations will want to ensure they are aware of the latest ransomware and social engineering attacks with a robust security awareness program to help identify and be aware of these attacks and reduce the risk of data and productivity loss.
