By default, ReiKey runs all the time in the OS's background and listens for newly registered event taps, but it can also scan a system on demand for any processes that have already installed a CoreGraphics keyboard event tap. If an app installs an event tap for which it has no evident reason to do so, the user should either look into the app's features for an explanation or consider using an alternative app. Users can trigger the on-demand whole-system scan from the ReiKey icon (by clicking the "Scan…" option), or they can use ReiKey from the command line. Screenshots of these features and more are available below.

Users should be aware that ReiKey doesn't detect all types of macOS keyloggers, as some of these might be using other methods for recording keystrokes. Nonetheless, because it's a free app, it's a solid alternative for Mac users who can't afford a full-blown antivirus.

ReiKey is just the latest app released under the Objective-See brand of Mac security and privacy apps. Other free Mac security apps that Wardle has released in the past under this brand include LuLu (firewall), Do Not Disturb (evil maid protection), KnockKnock (detection of persistently installed Mac software), RansomWhere (ransomware detection and protection), OverSight (detection of Mac malware that records audio and video sessions), and many others.

Wardle is also the man behind the Objective by the Sea conference, one of the few security conferences focused on Mac malware. Talks and slides from the conference's first edition are available here.

Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest), a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. It has been found in pirated versions of macOS software shared on popular torrent sites. Developments on the malware have been reported by MalwareBytes, BleepingComputer and security researchers Dinesh Devadoss, Phil Stokes, Patrick Wardle, and Thomas Reed. The aforementioned reports state the assumption that the malware's ransomware activity is not its main attack method; rather, it is a pre-emptive move to disguise its other capabilities such as file exfiltration, Command and Control (C&C) communication, and keylogging. This assumption is also supported by our recent discoveries. Given that both the previously mentioned researchers and the updated report from Objective-See have conducted an in-depth look into the malware, in this blog post we will discuss our own discoveries, such as the differences between the old and new versions of the malware, including unusual observations in VirusTotal. More importantly, we'd like to add to the current information provided by published reports, which supports our belief that ThiefQuest is an example of highly capable malware that should be kept under close monitoring.

New ThiefQuest variants

Besides the old ThiefQuest variant that has been reported by various researchers, we also discovered some improved variants with stronger capabilities and other changes compared with earlier iterations of the malware. For instance, these new variants seem to emerge only days after the detection of older variants.
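The on-demand scan described above (finding processes that have already installed a CoreGraphics keyboard event tap) can be reproduced with the public CGGetEventTapList API. The following Swift script is an added example written for this page; it is not ReiKey's code or any Objective-See code, and the pid-to-path lookup via proc_pidpath and the "keyboard mask" definition are assumptions made here for illustration. Run it as the logged-in user with `swift tapcheck.swift`; the listing is only as complete as the calling session's view of the window server.

```swift
import Foundation
import CoreGraphics

/// Events a keystroke-recording tap would register interest in
/// (assumption: keyDown, keyUp and modifier changes cover the common cases).
let keyboardMask: CGEventMask =
    (1 << CGEventType.keyDown.rawValue) |
    (1 << CGEventType.keyUp.rawValue) |
    (1 << CGEventType.flagsChanged.rawValue)

/// Best-effort executable path for a pid, or "" if the kernel refuses.
func executablePath(pid: pid_t) -> String {
    // PROC_PIDPATHINFO_MAXSIZE is 4 * MAXPATHLEN (4096 bytes) on macOS.
    var buffer = [CChar](repeating: 0, count: 4096)
    let length = proc_pidpath(pid, &buffer, UInt32(buffer.count))
    return length > 0 ? String(cString: buffer) : ""
}

/// Enumerate every event tap in the current session and keep those whose
/// event mask includes keyboard events.
func keyboardTaps() -> [CGEventTapInformation] {
    var count: UInt32 = 0
    // First call with a nil buffer only reports how many taps exist.
    guard CGGetEventTapList(0, nil, &count) == .success, count > 0 else {
        return []
    }
    var taps = [CGEventTapInformation](repeating: CGEventTapInformation(),
                                       count: Int(count))
    guard CGGetEventTapList(count, &taps, &count) == .success else {
        return []
    }
    return Array(taps.prefix(Int(count))).filter {
        ($0.eventsOfInterest & keyboardMask) != 0
    }
}

/// Human-readable summary of one tap: who owns it, what it watches, and
/// whether it can alter events (an active tap) or only observe them.
func describe(_ tap: CGEventTapInformation) -> String {
    let owner = tap.tappingProcess
    let scope = tap.processBeingTapped == 0
        ? "all processes" : "pid \(tap.processBeingTapped)"
    let mode = tap.options == .listenOnly
        ? "listen-only" : "active (can modify or drop events)"
    return "tap \(tap.eventTapID): pid \(owner) \(executablePath(pid: owner)) "
         + "watches keyboard events for \(scope), \(mode), enabled=\(tap.enabled)"
}

let found = keyboardTaps()
if found.isEmpty {
    print("no keyboard event taps registered in this session")
} else {
    found.map(describe).forEach { print($0) }
}
```

Any hit is a lead, not a verdict: accessibility tools, window managers and hotkey utilities legitimately install such taps, which is exactly the triage the article describes (check whether the owning app has a reason for the tap, otherwise replace it). A keylogger that reads keystrokes another way, for example through IOKit HID, will not appear here, matching the article's caveat.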