Govt Warns Apple Laptop Users In India About ‘ThiefQuest’; Know The Details

By
OB Bureau

New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued an advisory alerting Apple MacBook, iMac and other macOS users about a new ransomware called ThiefQuest, which has been spreading since last month.

This new ransomware, also called EvilQuest, locks files on macOS and spies on infected systems. CERT-In has also listed steps for users to protect themselves.

Here are the details about the new macOS ransomware and how you can stay safe:

a) The ThiefQuest ransomware not only encrypts the files on the system but also installs a keylogger, remote shell and steals cryptocurrency wallet-related files from infected hosts, according to a Gadgetsnow report.

b) This ransomware continues to track victims even after they have paid the ransom to unlock their system, as the attacker continues to have access to the computer and can exfiltrate files and keystrokes. This ransomware is distributed via legitimate applications, such as Little Snitch, Ableton, and Mixed in Key, on torrent websites.

c) ThiefQuest runs Python scripts by downloading them as disguised GIFs. If a file matches the search criteria, it will Base64-encode the file contents and send them to the C&C server. These files include text files, images, Word documents, SSL certificates, code-signing certificates, source code, projects, backups, spreadsheets, presentations, databases, and cryptocurrency wallets.

d) The attackers do not provide any email address to contact them for decryption after the ransom has been paid. “This makes it impossible for attackers to identify victims who have paid ransom. This leads to the suspicion that ransomware may be used for spying and other malicious activity,” CERT-In was quoted as saying.

e) Ransomware generally targets common file types. Regular backups of all critical information should be kept on a separate device, and backups should be stored offline. Remote access, when not in use, must be disabled.

f) Execution of PowerShell/WScript in an enterprise environment should be restricted, and a Sender Policy Framework (SPF) for your domain should be established. Block binaries running from %APPDATA% and %TEMP% paths by whitelisting applications or strictly implementing Software Restriction Policies (SRP).

g) Segmenting the network and segregating it into security zones will help protect sensitive information and critical services. Ad blockers should be installed.
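Point (c) says the scripts arrive disguised as GIFs. As an added example (not from CERT-In or the original report), this Python check flags files with a .gif extension whose leading bytes are not a GIF signature; the script-marker heuristics and the sample files are constructed assumptions, not taken from ThiefQuest samples.

```python
import os
import tempfile

GIF_MAGIC = (b"GIF87a", b"GIF89a")  # the two valid GIF file signatures
# Heuristic hints of Python source (assumption, not derived from real samples).
SCRIPT_HINTS = (b"#!/usr/bin/env python", b"#!/usr/bin/python", b"import ", b"def ")

def classify(name, head):
    """Return 'ok', 'script' or 'mismatch' for a file name and its first bytes."""
    if not name.lower().endswith(".gif"):
        return "ok"                      # only files claiming to be GIFs are in scope
    if head[:6] in GIF_MAGIC:
        return "ok"                      # extension and signature agree
    if any(hint in head for hint in SCRIPT_HINTS):
        return "script"                  # named .gif but looks like Python source
    return "mismatch"                    # named .gif but content is something else

def scan(root, head_size=512):
    """Walk root and return sorted (path, verdict) pairs for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_size)
            except OSError:
                continue                 # unreadable file: skip rather than abort
            verdict = classify(fn, head)
            if verdict != "ok":
                findings.append((path, verdict))
    return sorted(findings)

def demo():
    """Run the scan over constructed sample files in a temporary directory."""
    samples = {                          # constructed test data
        "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00",
        "banner.gif": b"#!/usr/bin/env python\nimport os\n",
        "blob.GIF": b"\x00\x01\x02\x03",
        "notes.txt": b"import os\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), v) for p, v in scan(d)]

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:9} {name}")
```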
