• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

This macOS malware can wipe your entire device


PCHF Tech News
Jan 10, 2015
MacOS users are being warned to monitor their device security following the discovery of a potentially hugely damaging new form of ransomware.

Known as ThiefQuest, the malware targets macOS devices such as MacBooks, encrypting the entire system and stealing valuable data on the device.

If a ransom is not paid to release the files, then ThiefQuest is programmed to completely wipe the victim's device, deleting all items within - however there may be a way to stop it for good.

MacOS malware

ThiefQuest was first detected by researchers at security firm SentinelOne, who were able to carry out a full investigation into the malware.

The company first believed the malware was lacking certain finesse when investigating the ransom message alerting ThiefQuest victims to their fate.

As usual with such alerts, it order victims to pay $50 within 72 hours if they wanted their files returned - however, it neglected to provide any contact email for information about decryption once this was paid, only a link to a ReadMe file containing details on a Bitcoin wallet to send the ransom funds to.

SentinelOne's research found that ThiefQuest (initially known as EvilQuest) used a custom encryption routine, and that its code suggested it was unrelated to the public key encryption methods commonly used for such attacks.

The researchers discovered ThiefQuest was instead looking in the system's /Users folder to try and steal files, with .doc, .pdf and .jpg items all targeted among others. However once found, these files were encrypted by a function that used a simple encoding tool that, when creating an encrypted file, simply added an extra data block containing the encryption/decryption key and the key that encodes it.

The attackers also failed to remove the function responsible for the decryption job, meaning getting the original file back was incredibly straightforward, and allowing SentinelOne to create and release a decryptor, which can be downloaded for free now.

Via BleepingComputer

Continue reading...