ThiefQuest Ransomware for the Mac
There’s a new ransomware for the Mac called ThiefQuest or EvilQuest. It’s hard to get infected:
For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It’s a good reminder to get your software from trustworthy sources, like developers whose code is “signed” by Apple to prove its legitimacy, or from Apple’s App Store itself. But if you’re someone who already torrents programs and is used to ignoring Apple’s flags, ThiefQuest illustrates the risks of that approach.
But it’s nasty:
In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.
Smith • July 6, 2020 3:09 PM
Unfortunately ANY software Apple hasn’t signed off on – err cough been paid handsomely for a signature on – pops up those exact same warnings.
Consider the software you might want to run: Emacs, GIMP, Inkscape, VLC, Chrome, Firefox, Thunderbird, Steam, DOSBox, WINE, ffmpeg, etc., etc., etc. And that’s before we get into gaming (direct downloads). Or Fink / MacPorts / Homebrew / etc. How much of that do you download off the internet, and get the same warnings?
Apple could have been great, doing something like Ubuntu or Red Hat with a vast library of software available. Instead they charge a fortune to develop “authorized” software, and collect 30% from their app store.
Shit like ThiefQuest was bound to happen.
(And, as long as I’m writing, I’ll point out that Apple recently went 64-bit only, breaking much software including WINE, and is now switching over to ARM CPUs for their laptops. They claim their Rosetta software will let existing x86 software run just fine on the ARM, but their benchmarks are awfully low. And for some reason they’re comparing benchmarks of an ARM laptop running Rosetta against benchmarks from an ARM tablet, rather than against an x86 computer. Meanwhile Ubuntu & WINE are running all my old Windows software, even graphically intensive MMORPGs (low settings), on a bottom-end Ryzen 3/Vega 3 laptop. I don’t know how all this is going to play out, but the next few years look to be interesting.)