- #Espionage for mac update
- #Espionage for mac software
- #Espionage for mac code
- #Espionage for mac download
- #Espionage for mac windows
It's not entirely uncommon in the realm of Windows malware to don a ransomware guise as a distraction or false flag. Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage. But the malware is buggy and for now it's unclear what the developers' true intent is. In testing, some researchers found it harder than others to induce the malware to start encrypting files as part of its ransomware functionality, which may support Wardle's theory. Wardle theorizes that the malware may have been intended to quietly run its spyware module first, collect valuable data, and only launch the noisy ransomware as a last-ditch effort to gather some funds from a victim before moving on. Strangely, though, others were left out in the open for anyone to see.
#Espionage for mac code
And when analyzing the code itself, the researchers say that some components were carefully obscured so it would be difficult to understand what they do.
It also lays low if it's being opened in a digital environment that's often used for security testing, like a sandbox or virtual machine. The malware won't run if it detects certain security tools like Norton Antivirus. The malware does include some obfuscation features to help it hide out. It's really noisy in both the literal and digital sense." When I installed it for testing, every 30 seconds the computer was screaming at me, beeping at me all the time. "So I don’t really understand the point of this very noisy ransomware. "I would think if your main goal was data exfiltration you would want to stay in the background, do that as silently as possible, and have the best chance of going undetected," Malwarebytes' Reed says. But if you're someone who already torrents programs and is used to ignoring Apple's flags, ThiefQuest illustrates the risks of that approach.
#Espionage for mac software
It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself.
#Espionage for mac update
K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide.įor your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton.
#Espionage for mac download
Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. And then they also added some ransomware capability as a way to make extra money." "My current gut feeling about all of this is that someone basically was designing a piece of Mac malware that would give them the ability to completely remotely control an infected system. But compiling them together you’re kind of like what?" says Patrick Wardle, principal security researcher at the Mac management firm Jamf. "Looking at the code, if you split the ransomware logic from all the other backdoor logic the two pieces completely make sense as individual malware. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. (Researchers originally dubbed it EvilQuest, until they discovered the Steam game series of the same name.) It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago.
0 kommentar(er)
