Beating ransomware on mac

A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users.

While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware designed to encrypt Mac systems.

The victims get infected after downloading trojanized installers of popular apps from torrent trackers.

ThiefQuest was first spotted by K7 Lab malware researcher Dinesh Devadoss and analyzed by Malwarebytes' Director of Mac & Mobile Thomas Reed, Jamf Principal Security Researcher Patrick Wardle, and BleepingComputer's Lawrence Abrams, who found an interesting twist.

Installs a keylogger and opens a reverse shell

Devadoss discovered that ThiefQuest includes the capability to check if it's running in a virtual machine (more of a sandbox check, according to Wardle), and it features anti-debug capabilities.

It also checks for some common security tools (Little Snitch) and antimalware solutions (Kaspersky, Norton, Avast, DrWeb, McAfee, Bitdefender, and BullGuard) and opens a reverse shell used for communication with its command-and-control (C2) server, as VMRay technical lead Felix Seele found.

The malware will connect to com/ret.txt to get the IP address of the C2 server to download further files and send data.

"Armed with these capabilities the attacker can maintain full control over an infected host," Wardle said.












