The creators of the antivirus Malwarebytes have reported a new malware called EvilQuest.
On the torrent trackers discovered a pirated application Little Snitch. It is available with a PKG installation file that is not in the licensed copy. It supposedly erases unnecessary installation data, but in fact it downloads a virus to Mac.
The script file is copied to the folder associated with the Little Snitch application, under the name CrashReporter. The user will not notice that the virus appeared in the activity monitor, since macOS has an internal application with a similar name. Located here: / Library / LittleSnitchd / CrashReporter.
After some time, EvilQuest begins to encrypt user files and demand money for their unlocking. Part of the encryption means that the Finder is not working properly and the system is constantly crashing. Even the Keychain cannot function normally.
A message on the screen says that the owner of the computer must pay $ 50 for data recovery, otherwise everything will be deleted in three days.
Malicious software continues to work even after encrypting files, and you cannot delete it. Malwarebytes experts advise rolling back to the next backup. [ 9to5 ]