Ransomware origins: According to Malwarebytes, the malicious code originates from a Russian forum and disguises itself as an installer for a real app known as Little Snitch. The installer “is attractively and professionally packaged,” meaning even veteran torrent users may be fooled by it. Little Snitch is often used to monitor network traffic, and allows users to permit or block apps from accessing shared networks. What it does: While the malware does install Little Snitch, attempts to launch the app fail. An installer for DJ software called Mixed In Key 8 is also included, and it’s suspected other installers are lurking in the files as well. The malware itself seemingly did nothing in Malwarebytes’ own experiments until they deliberately encouraged it to begin encrypting settings and keychain files, but even then, it “wasn’t particularly smart about what files it encrypted.” Is that it? The macOS Finder started having performance issues, such as taking a long time to respond and freezing. Some reported seeing files with instructions to pay a ransom, though Malwarebytes was unable to replicate this. Staying safe: If you do encounter this new ransomware, scan your system with antivirus software, which should detect and remove the problem. Malwarebytes for Mac will see it as Ransom.OSX.EvilQuest. It’s also recommended you have multiple backups of your Mac’s data. “Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)” Bottom line: The best way to protect yourself from malware is to never download anything that looks suspicious, and to triple-check the files and installers that look harmless. Frequent torrent users should already know this, but it never hurts to be reminded of the obvious. Via: Laptop Mag
