The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or 'second stage,' attacks. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. (Researchers originally dubbed it EvilQuest, until they discovered the Steam game series of the same name.)
It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago.
