The Fast-Evolving MacOS Malware – ThiefQuest | Cyware Alerts

The ThiefQuest malware (also known as EvilQuest), first observed in late June 2020, has been evolving quickly. Originally reported as ransomware, it has since dropped its file-encryption routine and become more dangerous in other respects.

New ThiefQuest variants

Trend Micro researchers recently discovered improved ThiefQuest variants with stronger capabilities that emerged only days after the earlier variants were detected.
  • The authors implemented a new routine for computing and calling the addresses of newly added functions. Compared with earlier iterations, these variants also obfuscate function names, which makes tracing the malware's behaviour harder.
  • The malware gained new anti-analysis functions (some empty, some functional) that check conditions such as the machine's MAC address, CPU count, and physical memory, indicators commonly used to tell a virtual machine or sandbox from a real victim host.
  • It also extended the list of security tools it checks for and terminates, adding products from Avast, Bitdefender, BullGuard, DrWeb, Kaspersky, McAfee, and Norton, as well as the macOS utilities KnockKnock, Little Snitch, and ReiKey.
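As an added illustration (not code from the alert or from Trend Micro's analysis), the block below re-implements, from the defender's side, the two kinds of host check the two bullets above describe: a sandbox fingerprint built from the MAC address, CPU count and physical memory, and a process-name match against the listed security tools. The hypervisor MAC prefixes, the CPU and memory thresholds, and the case-insensitive substring matching of process names are assumptions for illustration; the alert gives none of these details.

```python
"""Added example: a defender-side re-implementation of the two host checks the
alert attributes to the newer ThiefQuest variants. This is not code from the
alert or from Trend Micro; the VM MAC prefixes, the CPU/memory thresholds and
the substring matching of process names are assumptions for illustration."""

import os
import platform
import subprocess
import uuid
from dataclasses import dataclass

# Tools the alert says the new variants look for and terminate.
KILL_LIST = (
    "avast", "bitdefender", "bullguard", "drweb", "kaspersky",
    "knockknock", "little snitch", "mcafee", "norton", "reikey",
)

# OUI prefixes assigned to hypervisor virtual NICs. Assumption: this is the
# kind of table a MAC-address check compares against.
VM_MAC_PREFIXES = (
    "00:05:69", "00:0c:29", "00:1c:14", "00:50:56",  # VMware
    "08:00:27",                                      # VirtualBox
    "00:1c:42",                                      # Parallels
    "52:54:00",                                      # QEMU/KVM
)


@dataclass
class HostFacts:
    mac: str            # primary NIC address, "aa:bb:cc:dd:ee:ff"
    cpu_count: int
    phys_mem_bytes: int


def analysis_box_indicators(facts, min_cpus=2, min_mem_gib=4.0):
    """Return the reasons a host looks like a sandbox/VM; empty means 'real'.
    Thresholds are assumptions: small analysis VMs often get 1 CPU and
    under 4 GiB of RAM."""
    reasons = []
    mac = facts.mac.lower()
    if mac.startswith(VM_MAC_PREFIXES):
        reasons.append(f"MAC prefix {mac[:8]} belongs to a hypervisor NIC")
    if facts.cpu_count < min_cpus:
        reasons.append(f"only {facts.cpu_count} CPU(s)")
    mem_gib = facts.phys_mem_bytes / 2**30
    if mem_gib < min_mem_gib:
        reasons.append(f"only {mem_gib:.1f} GiB of physical memory")
    return reasons


def matching_security_tools(process_names):
    """Return the kill-list entries that match any running process name
    (case-insensitive substring match, an assumption about the malware)."""
    lowered = [name.lower() for name in process_names]
    return sorted(tool for tool in KILL_LIST
                  if any(tool in name for name in lowered))


def collect_local_facts():
    """Gather the same three facts from the local host (portable best effort)."""
    node = uuid.getnode()
    mac = ":".join(f"{(node >> shift) & 0xff:02x}" for shift in range(40, -1, -8))
    cpus = os.cpu_count() or 1
    try:
        if platform.system() == "Darwin":
            out = subprocess.check_output(["sysctl", "-n", "hw.memsize"], text=True)
            mem = int(out.strip())
        else:
            mem = os.sysconf("SC_PHYS_PAGES") * os.sysconf("SC_PAGE_SIZE")
    except (OSError, ValueError, subprocess.SubprocessError):
        mem = 0
    return HostFacts(mac, cpus, mem)


def running_process_names():
    """Process names as `ps` reports them on macOS and Linux; [] on failure."""
    try:
        out = subprocess.check_output(["ps", "-axo", "comm="], text=True)
    except (OSError, subprocess.SubprocessError):
        return []
    return [line.strip() for line in out.splitlines() if line.strip()]


# Constructed sample inputs (not real telemetry) so the script runs offline.
SAMPLE_VM = HostFacts("08:00:27:4e:66:a1", 1, 2 * 2**30)
SAMPLE_REAL = HostFacts("a4:83:e7:12:34:56", 8, 16 * 2**30)
SAMPLE_PROCS = ["kernel_task", "Little Snitch Network Monitor",
                "KnockKnock", "Safari", "ReiKey", "loginwindow"]

if __name__ == "__main__":
    for label, facts in (("constructed VM", SAMPLE_VM),
                         ("constructed real host", SAMPLE_REAL)):
        print(label, "->", analysis_box_indicators(facts) or "no indicators")
    print("kill-list hits in sample:", matching_security_tools(SAMPLE_PROCS))
    local = collect_local_facts()
    print("this host ->", analysis_box_indicators(local) or "no indicators")
    print("kill-list hits here:", matching_security_tools(running_process_names()))
```

Run it inside an analysis VM before detonating a sample to see whether the VM would trip checks of this kind (and adjust its NIC address, CPU count or memory if so); on an endpoint, the kill-list matcher doubles as a quick inventory of which of the listed tools are actually running and would therefore be targeted.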

Gradually changing history

The malware authors appear to be continuously improving ThiefQuest. A brief outline of its evolution:

  • ThiefQuest started as a backdoor (June 4, 2020 sample) able to modify the victim's hosts file. It later gained file-exfiltration capabilities (June 26, 2020 sample), then ransomware and file-infector behaviour (July 2, 2020 sample).
  • The latest versions keep the file-infector capability but drop the ransomware capability (July 3, 2020 sample).
  • In mid-July, ThiefQuest operators distributed the malware through pirated software installers (including Little Snitch, Ableton, and Mixed In Key), and its ransomware strain carried keylogging and backdoor code, with the ransom demand serving to disguise its true purpose.

Closing statement

The emergence of ThiefQuest makes clear that cybercriminals are increasingly interested in targeting macOS, and with each new capability its operators are making it a more vicious threat.
