
This Mac ransomware is old but it could still cause you big problems


RV_


Excerpt:

"Ransomware is a major cybersecurity issue - and it doesn't matter which operating system you use.

Cybersecurity researchers at Microsoft Security Threat Intelligence have detailed several ransomware campaigns targeting Apple-based computers and networks -- and the methods of attack are very familiar to those used by cyber criminals targeting Microsoft Windows and other operating systems.

In many instances, the initial compromise occurs after the user is tricked into providing access to cyber criminals, such as by opening phishing emails or downloading and then running fake or trojanized applications that install ransomware. 

Like other forms of ransomware on other operating systems, ransomware targeting MacOS comes equipped with features designed to achieve persistence and avoid detection until it's too late.  

These features include delaying execution of the malware to avoid detection in the earliest stages of the attack, instructions to run each time the machine is started, and using legitimate features in MacOS to run commands and help spread the attack.

But one particular form of Mac ransomware looks as if it has much more in mind than the sole focus on encrypting files and demanding an extortion payment -- analysis shows that it has much more powerful capabilities, too. 

The ransomware is known as EvilQuest, which first emerged in 2020 and is still targeting Mac systems today. 

According to Microsoft, newer versions of EvilQuest come with additional capabilities, including keylogging, which sends a record of what the infected victim types with their keyboard to attackers, something that can be exploited to secretly steal usernames and passwords. 

EvilQuest is also capable of disabling security software, a tactic used to reduce the chances of the ransomware being spotted before the final attack is triggered. 

Other forms of Mac ransomware detailed by Microsoft include KeRanger, FileCoder, and MacRansom -- and they all use techniques designed to make manual discovery by users or cybersecurity teams difficult.  

Microsoft says it has detailed extensive information on the Mac ransomware to aid defence against attacks."

So why is Microsoft investigating Mac malware? Does Apple? Not slamming Apple; I don't have any Apple products to know if they send out alerts and workarounds for Mac malware.

More in the source here:

https://www.zdnet.com/article/this-mac-ransomware-is-old-but-it-could-still-cause-you-big-problems/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire
