Little Snitch is itself a trustworthy, highly useful piece of software that can tell Mac users when other software on the system is trying to make stealthy network connections that could put security at risk. Little Snitch costs $45 and it’s worth the price, but there obviously are people who would like to get it for free. And this is exactly what ThiefQuest is counting on.
The infected torrent download comes with a patch that promises to convert the free trial of Little Snitch into the full paid version. Of course, it doesn’t do that. The patch instead infects the victim’s Mac and opens up communications to the ThiefQuest command and control servers.
ThiefQuest can act like typical ransomware and encrypt documents, images, videos, etc. According to Threatpost, this malware can also record keystrokes and ‘sniff out’ cryptocurrency wallet files.
These features give criminals a wide enough array of options to profit in multiple ways from machines that have been infected. Your crypto coins can be stolen, accounts can be hijacked, and that’s just the beginning.
ThiefQuest also uses various tricks to avoid detection and to thwart security researchers’ attempts to analyse it. One of the ways it does this is by checking to see if the machine it is trying to infiltrate has anti-malware software installed on it. Software from Kaspersky, Avast, McAfee, Norton and even Little Snitch will raise flags.
This new malware seems to be a work in progress of sorts, as its ransomware functionality appears to be spotty and could not encrypt files on some of the researchers’ test systems.
However, since ThiefQuest exists, Mac users should be reminded that their systems are not immune to ransomware infections. Cybercriminals have been building Mac malware for years and they are getting better at it.