Let us take a look at some of the notable malware threats that experts have seen so far in 2020.

The first one of these threats is called ThiefQuest (originally called EvilQuest). This malware was spread via torrents and through modified copies of legitimate apps.

At first, security experts believed that ThiefQuest was ransomware. It started encrypting files when you installed it. However, as researchers dug in a little deeper, they saw some things that were not consistent with ransomware.

For example, everyone infected with this malware received the same ransom note with the same Bitcoin address. It means that if somebody sends a payment to that BTC address, there is no way for the cybercriminals to know who sent the payment. On top of that, there was no email address in the ransom note. So, there was no way to contact the malware authors and tell them that you have paid and request your decryption key. All these factors looked suspicious.

Another interesting thing was that the encryption key was written in plain text at the end of the encrypted files. If somebody got infected and had their files encrypted and had no backups, there was a way to decrypt those files.

Later, it was found that ThiefQuest was actually exfiltrating an exceptionally large amount of data from the system. All the ransomware activity turned out to be fake. Hackers wanted to keep their victims looking at the many ransomware bells and whistles rather than learning that this malware collected data from the system. ThiefQuest was exfiltrating data from the user folder via HTTP, sequentially picking files with certain extensions and sending them up to the hacker-controlled server. It also did some other interesting things like keylogging and viral infection of other binaries in the user folder, for example Google Chrome update files.

2. Bird Miner

Another piece of malware is called Bird Miner. It is designed to mine the cryptocurrency called Monero. Bird Miner was distributed through piracy of a large number of audio apps. A lot of these apps were available through the VST (Virtual Studio Technology) crack site.

This malware worked by installing a virtual machine program called Qemu. This emulator would run a tiny Linux shell system with the open-source XMRig Monero miner. It was difficult to find what this malware was doing.

This year, the North Korean hacking group known as Lazarus has been actively distributing plenty of new malware pieces. These are FallChill, GMERA, Dacls RAT, and many more. Lazarus malware samples typically come in the form of either legitimate Trojanized apps or fake apps that are Trojanized.
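The ThiefQuest detail above, a per-file key stored in plain text at the end of each encrypted file, is what made recovery without paying possible. The following added example (not ThiefQuest's real file format or cipher, and not code from the article) uses a constructed layout of ciphertext followed by a fixed-length key, with RC4 standing in for the sample's cipher, to show how a responder reads the trailing key back and decrypts the file:

```python
# Added illustration of the "key appended in plain text" failure mode.
# Assumptions (not values from the article): a 16-byte key trailer and RC4 as
# a stand-in symmetric cipher; ThiefQuest's actual layout is not on the page.
import os

KEY_LEN = 16  # assumed trailer length for the constructed layout


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR. Symmetric, so one function encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def encrypt_with_trailing_key(plaintext: bytes, key: bytes) -> bytes:
    """Constructed layout: ciphertext || plaintext key (the weak design)."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    return rc4(key, plaintext) + key


def recover_plaintext(blob: bytes) -> bytes:
    """Recovery step: split off the trailing key and decrypt with it."""
    if len(blob) < KEY_LEN:
        raise ValueError("blob too short to contain a trailing key")
    ciphertext, key = blob[:-KEY_LEN], blob[-KEY_LEN:]
    return rc4(key, ciphertext)


if __name__ == "__main__":
    sample = b"quarterly report - constructed sample content"  # constructed input
    blob = encrypt_with_trailing_key(sample, os.urandom(KEY_LEN))
    print("recovered:", recover_plaintext(blob))
```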