ThiefQuest Mac Ransomware Also Steals Passwords and Credit Card Information

Walden Systems Geeks Corner News

Ransomware may seem rampant today, but there haven't been many strains that target Macs since the first Mac ransomware appeared 4 years ago. ThiefQuest has the ability to search the system for passwords, credit card numbers and even cryptocurrency wallet data as users enter the data. It sticks around even after a computer reboots, and could be used to launch further attacks. Since Mac ransomware is rare, the added features make it more shocking.

Though ThiefQuest's features are menacing, unless you downloaded pirated software, you're probably ok for now. ThiefQuest is distributed on torrent sites bundled with retail software such as DJ software Mixed In Key and music platform Ableton. Devadoss notes that the malware disguises itself as a Google Software Update program.


Though ThiefQuest combines the capabilities of ransomware and spyware, the ransomware component seems incomplete. The malware shows a ransom note that demands payment, but it only lists a static Bitcoin address where victims can send money. Since Bitcoin is anonymous, the malware author will be unable to tell who paid and who didn't in order to decrypt a victim's system. Also, in the ransom note, there is no email address that victims can use to correspond with the hackers about receiving a decryption key.

The malware includes some features to help hide itself. It won't run if it detects security tools like Norton Antivirus. It also doesn't activate if it's being opened in a sandbox, which is often used for security testing. Researchers found that some components were obscured so it would be difficult to understand what they do. Other components, though, were left out in the open for anyone to see.

Researchers think that the malware may be intended to quietly run its spyware module first to collect valuable data. In testing, some researchers found it harder than others to induce the malware to start encrypting files as part of its ransomware functionality. Since the malware is distributed through torrents, and still has several flaws, researchers think it was created by individual hackers rather than nation state groups. It's common for Windows malware to fake being a ransomware attack to distract from its real intent. The NotPetya malware, which was the most costly attack, pretended to be ransomware.