New ransomware specifically targeted at Macs is going around. EvilQuest encrypts the files on your hard drive and claims that you’ll only be able to regain access to your data if you fork over some bitcoins. But that’s not all: it also infests your system with other malware including a keylogger, which can reveal your sensitive information to the attackers.
Malware that specifically affects Macs is still comparatively rare. But it does exist – and this time around, we musicians should be paying attention. EvilQuest is a new malicious piece of code that seems to spread through pirated copies of popular music applications, among others.
Once EvilQuest has found its way onto your hard drive, it encrypts the drive, preventing you from accessing your files. It then proceeds to tell you that the only way to get your data back is to pay ransom in the amount of USD 50 in bitcoins. The attackers claim that you’re “guaranteed” to get your files back, but I think we all know where this is going.
And EvilQuest doesn’t stop there. IT experts have identified various other bits of malicious code that could expose your personal data to the attackers, and these will likely continue to run even if you pay ransom and regain access to your files. The malware apparently searches your system for files like wallet.pdf, wallet.png and key.png, which are associated with handling cryptocurrency. It also installs a keylogger, which tracks your keystrokes and transmits them to the attackers, potentially exposing your passwords and sensitive data.
Keep your data safe
Sounds scary, right? But here’s the thing: To have your Mac infected by EvilQuest, you need to be a bit of a crook yourself. The ransomware spreads through pirated software, much like the LoudMiner trojan exposed last year. Among others, the list of “warez” affected by EvilQuest seems to include Ableton Live and the Mixed In Key DJ software. Apparently it also spreads through pirated copies of Little Snitch, which is especially devious as that’s a popular tool for internet security.
So what does this mean? To state the obvious: if you stay away from cracked software and suspicious servers, it looks like you have little to worry about at this point. Protect your data by keeping your backups up to date, so you can restore your system in case things do go wrong. And consider using protective software like Malwarebytes for Mac or the free RansomWhere for an extra layer of protection.