back to article Things that happen every four years: Olympic Games, Presidential elections, and now new Mac ransomware

Security bods are sounding the alarm following the discovery of a rare brand-new strain of Mac ransomware. Known as EvilQuest, the software nasty was spotted spreading via Russian piracy and torrent sites. The team at infosec outfit Malwarebytes told The Register on Tuesday the malware is the first new piece of macOS …

  1. big_D Silver badge

    40 UKP?

    I thought Apple users were supposed to be wealthier than users of other platforms, in general, yet the ransom seems to be a pittance, compared to other ransomware I've seen.

    1. Captain Scarlet Silver badge
      Trollface

      Re: 40 UKP?

      Yes but if its only £40 the user will be more likely to pay that than several thousand.

      1. HildyJ Silver badge
        Devil

        Re: 40 UKP?

        Of course they only net £28 after the Apple Store commission.

  2. cb7

    Yes but I thought "Macs don't get viruses"?

    Sarcastic mode off.

    1. 45RPM

      Seriously? It’s not a virus. And if you don’t know the difference between the various types of malware that might affect your computer, you’re probably in the wrong business. But don’t worry - MacDonalds are beginning to open up again and I’m sure that they’ll snap you up.

      Besides, there are viruses for the Mac. Not many, but they do exist. As far as I’m aware, there are no worms though (another thing for you to look up) - and whilst I’m prepared to be proved wrong on that, I really hope that I’m not.

      As for trojans (which is what this is, ultimately), well yes. Lots. They rely on human fallibility, and it’s not really possible to defend against that.

      1. James O'Shea

        There are/were viruses for Macs _prior to OS X_, but none since. And even in the old days the top malware were worms and trojans. No more worms, either, but lots and lots and lots of trojans. The cure for trjoans is the same as it ever was: don't launch them. That means don't go to dodgy Russian sites and download pirated versions of apps, you're just begging for trouble. If someone were to get an infected installer into a legit site, such as Apple's store, or, in this case, the site of Little Snitch's dev, then there'd be a real problem. But if you have to go and hunt down the malware yourself, well, think of it as evolution in action.

        1. 45RPM

          I hope that you're right, but I don't think that that's entirely true - and especially not when you take into account proofs of concept which, of course, can become very real threats when they leave the lab.

          Viruses like Macarena or Clapzok.A, Safari-get or OSX/Pirrit.

          The thing to remember about Viruses though is that they still require human interaction to spread, whether that's the deliberate execution of an infected program, or the insertion of infected media. This is in contrast to a worm which can spread through a network without any human intervention beyond turning the computer on - and there really are no (known) worms which affect Apple devices.

          Whether these continue to work on modern macOS like Catalina is, of course, debatable.

      2. Terry Wrist

        As a MikeyDs worker, I feel insulted. Just wait and see what I'll put in your burger next.

    2. Lotaresco Silver badge

      "Yes but I thought "Macs don't get viruses"?"

      I think you may be thinking about claims made about Chromebooks. They even feature in advertising for the Chromebook.

      The first Mac virus I recall seeing was nVir in 1987. Then John Norstadt's Disinfectant appeared as the first anti-Malware software that I had seen. Graham Cluley has documented the history of Mac malware. It's worth a read. I haven't seen anyone other than the terminally clueless state that Macs don't get viruses. Although with OSX the scope for viruses to propagate has been severely curtailed and proofs of concept often require a lot of user compliance to give the virus the permissions it needs to infect system files.

      As someone else has said, malware that runs in userspace is more of an issue. Ransomware, crypto-currency miners, Trojans etc only need user permissions to do their stuff. If you can execute code on your computer then malware can execute on your computer. The only effective way to stop it is to make it a pain to use your computer.

      1. Anonymous Coward
        Anonymous Coward

        And Little Snitch is an inspired “horse” as it needs to be granted low level system access to install. Though I’m surprised people who recognise the value of LN are naive enough to download a pirated version. Perhaps the ransomware author realises they’re targeting cheapskates and £40 is all they’re likely to get...

        1. cd

          LS is expensive, also intrusive with its modal pop-ups. Hard to stomach paying that much for something that's such a PITA, keep hoping someone will come up with something that doesn't interrupt everything to fret about a connection issue that can wait.

          Radio Silence is okay but not granular and not as useful as a tool. If only there were something in between...

          1. Terry Wrist

            yeah thats what you get on platforms where its expensive to develop signed drivers. I am looking at you windoze and macos.

      2. James O'Shea

        I saw nVIR in the wild, and Scores and SevenDust and the AutoStart Worm and many others, all prior to OS X's arrival. Since OS X, I've seen two trojans, just two. Both were laughably easy to detect, one being the infamous Office 2004 fake installer. This was a trojan shared on places like eDonkey which was 122 kB in size; Office 2004 was 660 MB plus. The fake installer was supposed to open a back door on MS's site and download Office direct from MS, that was supposed to be how it was so small. What it did was delete your home directory and possibly other directories and files.In my opinion anyone stupid enough to fall for that pitch, well,...

      3. Muscleguy Silver badge

        @nvir

        Back in the early noughties we had an older mac in the lab which was a common computer and slow. I had cause to stick a zip drive in it and when I inserted said disc into my Tower I was told it was infected. Knowing where it had just been I took the Norton CD and had a look at the common computer. It was absolutely riddled with nvir, it was pretty much everywhere.

        A good long clean later and it was running fairly quickly again. So it slowed computers down a bit. Big deal.

  3. Len Silver badge
    Holmes

    Updated XProtect

    XProtect.plist, the definition file for XProtect (macOS built-in anti malware tool) on my machine was updated last night. I opened it and did a search for EvilQuest but couldn’t find anything, though Apple could be using a different name for this particular threat.

  4. Terry Wrist

    If only it was...

    as often as England won any sort of sporting world cup and/or championship.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020