Mac ThiefQuest Ransomware Should Be A Reminder That No One Is Safe
Long gone are the days when Windows was the only vulnerable operating system, or at least the most reported one. Mac and Linux computers have their own share of vulnerabilities, some worse than others, and recent times have made them just as enticing to data and money thieves as Microsoft's platform. And then there are Android and iOS, which are home to even more personal and sensitive data than our desktops and laptops. A new ransomware has popped up that specifically targets Macs, and its mere existence is reason enough for both users and developers to wake up and be on guard.
The slightly good news is that ThiefQuest, formerly nicknamed EvilQuest, is more sinister than destructive and, like much malware, can only be acquired through carelessness or willful disregard. The bad news is that if you do get infected, there is really no way to rescue your encrypted files. As ironic as it may sound, the ransomware part of ThiefQuest may have just been tacked on rather than being a carefully thought-out aspect. Or perhaps it was designed to give users a false sense of hope.
According to one security researcher, ThiefQuest looks more like a combination of spyware and ransomware. The spyware's ability to masquerade as a legitimate Google or Apple process is worrying enough, but its ability to encrypt files is the poisoned cherry on top. The external system for paying the ransom, however, seems to be set up in a way that users will not be able to get a decryption key to salvage their files anyway.
On that account, the purpose of ThiefQuest is still puzzling the security community. Its ransomware component seems incomplete, and the fact that it announces its existence through that ransom note exposes the spyware component's activity. It's almost as if it's challenging hackers, both black hat and white hat, to find a way to fight it, and that might not exactly be a good thing.
ThiefQuest sounds more like a prototype that's merely testing the waters. While ransomware is no longer alien on macOS, it has still been rare, with cases few and far between. The sudden appearance of this new strain proves that there is still a very active malware community producing malicious software, ready to pounce on users' presumption that, because they're not using Windows, they're safe from such exploits.