Mac users beware: Don’t fall into the EvilQuest trap
While it’s nowhere near as common as on Windows platforms – largely a matter of platform popularity rather than any other factor – malware has become part of the reality of using the Mac platform in recent years.
The issue here is that a lot of Mac users are rather complacent when it comes to security protections on their Macs, because, according to the common wisdom, “Macs don’t get viruses”. Apple’s advertising used to poke fun at the disparity in terms of viruses on each platform, but that was a long while ago.
A good case in point emerged recently, with malware researchers uncovering a particularly nasty instance of malware targeting Macs specifically, dubbed “EvilQuest”. Spread primarily at this point through illicit torrents of popular Mac apps, the malware presents itself as the installer for a popular app, which appears to install in the regular way Mac apps do, including asking for administrator permissions during the install process.
If you’ve ever installed any Mac app you’ve legitimately downloaded, you’d be familiar with this process, and you’d probably authenticate via your password or TouchID to expedite the process.
However, in this case, the malware checks whether your Mac is running apps that might spot what it’s about to do, disables those apps, and checks whether it’s running in a virtual machine… before starting to encrypt all of your files. You’re then presented with a demand for payment through Bitcoin and a 3-day deadline before your files are wiped forever. Nasty stuff, as most encryption malware scams tend to be.
Now, at this stage EvilQuest is relatively easy to dodge, because you really shouldn’t be pirating software in the first place. If you’re not, there’s been little sign of it reaching your Mac by any other route anyway.
However, it’s a timely reminder that malware writers will target any platform they think they might be able to make money out of.
Blithely trusting any installer for any app you get online is risky behaviour, but there are a few simple steps you can take to reduce that risk. Obviously, not installing pirated software is one of them, but it’s also wise to ensure that you’re getting software and apps from sources you trust in the first place. Unless you’re keen to decompile packages and software applications, there’s often little to tell the fakes from the real stuff. If it’s being offered for “free” when it’s usually paid and expensive, ask yourself why, and double-check that it’s actually coming from a legitimate web site.
This of course isn’t just a Mac thing either. If you’re a Windows user, the exact same advice applies.
Also, in the case of encryption scams, the single most powerful thing any computer user can do is have a ready and regularly updated backup of all of their files.
If you can restore all of your data, then even if the very worst happens you can ignore the encryption scam demands, wipe your system clean of operating system and malware, and start again without losing your own precious data. There’s no telling if they’d deliver the decryption keys even if you did pay, because, hello, they’re criminals. Is that a painful step? Yes, it is, and it will take some time, but it’s way less painful than losing all your files.