ThiefQuest is added to macOS applications such as the Ableton and Mixed In Key DJ apps and the Little Snitch firewall as trojanized installers. When the malware is activated, it starts encrypting files located on the computer, after which it tells victims, through a text file and a modal window, that their files have been encrypted and that a $50 ransom has to be paid in bitcoin to recover them. ThiefQuest, initially called EvilQuest, is designed to encrypt files on compromised systems, but it also enables its operators to log keystrokes, steal files and take full control of the infected device. ThiefQuest was originally classified as ransomware, but a closer examination found that the criminals could not figure out which victim had paid the ransom, which led researchers to conclude that the ransomware features were intended to mask the data-theft activity.
As Bleeping Computer pointed out, all victims are given the same bitcoin address, and there is no way for a victim to get in touch with the attackers to let them know the ransom has been paid. In addition, Apple security expert Patrick Wardle found that the decryption function is not called anywhere in the malware code, suggesting that it never gets executed. Malwarebytes researchers found that the malware does not always encrypt data, even though it appears to have done so, which further implies that the ransomware capabilities are only a diversion.
ThiefQuest is designed to steal documents, images, source code, databases, encryption keys and cryptocurrency wallets from infected systems. Wardle's threat analysis revealed that it also looks for executable files and adds malicious code to those files. This would allow it to spread like a computer virus, which is extremely uncommon for malware on the Mac. "The fact is that most (all?) recent examples of macOS malware are not computer viruses (by the conventional definition), since they don't attempt to replicate themselves locally. But OSX.EvilQuest does … making it a real computer virus for macOS!!" said Wardle.
SentinelOne has provided a free decryption service for Mac users whose files had been compromised by the malware. Researchers at the company analyzed ThiefQuest and found that its author had left the decryption function in the malware code. When they were able to determine the key needed to decrypt the files, they used the malware's own decryption function to restore the encrypted data.