ThiefQuest macOS malware installs keyloggers

Security researchers are warning organizations to be on the lookout for a fast-evolving macOS malware dubbed “ThiefQuest.”

ThiefQuest, also known as EvilQuest, targets macOS systems and is used to encrypt files and install keyloggers.

Researchers from TrendMicro wrote in a blog post ThiefQuest can be found in pirated versions of macOS, such as those shared in underground forums.

In addition, Trend Micro says the malware developers are not using the malware for ransomware attacks. Instead the actors are likely using ransomware activity to “disguise its other capabilities such as file exfiltration, Command and Control (C&C) communication, and keylogging.”

In the blog post, Trend Micro describes in detail on ThiefQuest from recent published reports and how the malware is “highly capable malware that should be kept under close monitoring.”

For instance, many of the new variants evolve only days after previous variants were detected. For instance, the new malware may drop file encryption and ransom notes from its behavior.

This latest threat may signal cyber gangs are increasing their targets on macOS systems as the OS gains in popularity.

Related Articles