Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware.

A Twitter user going by the handle messaged me yesterday after learning of an apparently malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links. A post offered a torrent download for Little Snitch, and was soon followed by a number of comments that the download included malware. In fact, we discovered that not only was it malware, but a new Mac ransomware variant spreading via piracy.

Installation

Analysis of this installer showed that there was definitely something strange going on. To start, the legitimate Little Snitch installer is attractively and professionally packaged, with a well-made custom installer that is properly code signed. However, this installer was a simple Apple installer package with a generic icon. Worse, the installer package was pointlessly distributed inside a disk image file.

Examining this installer revealed that it would install what turned out to be the legitimate Little Snitch installer and uninstaller apps, as well as an executable file named “patch”, into the /Users/Shared/ directory.

The installer also contained a postinstall script, a shell script that is executed after the installation process is completed.
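
The two traits described above (an install script, and payload files dropped into /Users/Shared) can be checked before a package is ever run. The following is an added example, not code from the original article: a shell function that triages a package already expanded on macOS with `pkgutil --expand-full`. The directory layout it expects, the function name `triage_expanded_pkg`, the output labels and the script-content heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage of an installer package that is already expanded.
# On macOS the tree comes from: pkgutil --expand-full Suspect.pkg expanded/
# Assumed layout: <root>/[<component>.pkg/]Scripts/ and .../Payload/

# Prints one finding per line; returns 1 if anything was found, 0 if not.
triage_expanded_pkg() {
    root=$1
    [ -d "$root" ] || { echo "error: not a directory: $root" >&2; return 2; }

    # Install scripts run automatically, with the installer's privileges.
    scripts=$(find "$root" -type f -path '*/Scripts/*' \
        \( -name preinstall -o -name postinstall \) | sort)

    # Payload files dropped into /Users/Shared (writable by every local user).
    shared=$(find "$root" -type f -path '*/Payload/Users/Shared/*' | sort)

    status=0
    if [ -n "$scripts" ]; then
        status=1
        printf '%s\n' "$scripts" | while IFS= read -r s; do
            echo "SCRIPT ${s#"$root"/}"
            # Heuristic (assumption): the script mentions the staging directory.
            if grep -q '/Users/Shared' "$s"; then
                echo "SCRIPT-USES-SHARED ${s#"$root"/}"
            fi
        done
    fi
    if [ -n "$shared" ]; then
        status=1
        printf '%s\n' "$shared" | while IFS= read -r f; do
            # Loose files outside an .app bundle deserve the closest look.
            case $f in
                *.app/*) echo "SHARED-APP ${f#"$root"/}" ;;
                *)       echo "SHARED-LOOSE ${f#"$root"/}" ;;
            esac
        done
    fi
    return $status
}
# Usage: triage_expanded_pkg expanded/   (pass the path without a trailing slash)
```

A `SHARED-LOOSE` finding next to a `SCRIPT` finding is the combination the article describes: a bare executable staged in /Users/Shared plus a script that runs once installation finishes.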