Patrick Wardle, Principal Security Researcher at Jamf, says this malware allows a hacker to get full control over an infected machine. In addition to encrypting a victim’s files, EvilQuest installs a keylogger and a reverse shell, and it also steals cryptocurrency files. This means paying a ransom is the least of a victim’s worries.
EvilQuest is a relatively new piece of malware that has been distributed since the start of June. It was found hidden inside pirated macOS software on torrent sites and online forums, so anyone torrenting pirated software is at risk. It also acts fast, beginning the encryption process the moment it is executed. Once the encryption process ends, it immediately starts installing its other components. Considering the transmission vector, you should be safe from EvilQuest if you steer clear of pirated software. There is also an open-source app called RansomWhere? that is able to detect and stop ransomware attacks on macOS machines. (Source: ZDNet)