ThiefQuest

Malware Profile Updated 2 months ago
ThiefQuest, also known as EvilQuest and MacRansom.K, is malware that was initially perceived as ransomware targeting Mac systems. It was first discovered spreading through pirated software found on a Russian torrent forum.

Subsequent analysis revealed that ThiefQuest may not operate as typical ransomware. Ransomware typically encrypts users' data and demands payment for its release, and ThiefQuest's primary objective was initially believed to be extorting ransom from victims in this way. Further investigation made it apparent that the main purpose of the malware was not extortion but data extraction: some experts suggested that it was masquerading as ransomware while its primary function was to transfer data from the infected device. Its operation involved dropping a Python script onto the infected system, though this process was not always reliable. This new understanding led to the adoption of the name "ThiefQuest," which better reflects its data-stealing nature.

This combination of ransomware, data theft and spyware marked a significant development in the landscape of malicious software. Its unique blend of functionalities underscores the evolving complexity of threats posed by malware.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Evilquest | 2 | EvilQuest, also known as ThiefQuest or MacRansom.K, is a significant development in the realm of malware. This malicious software, first identified by researchers at Malwarebytes who initially named it "EvilQuest", was later renamed "ThiefQuest". The malware operates as a combination of ransomware, |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Spyware
Malware
Encrypt
Ransom
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ThiefQuest Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | All the Mac malware we know about |
| MITRE | a year ago | "EvilQuest" Rolls Ransomware, Spyware & Data Theft Into One |
| MITRE | a year ago | Mac ThiefQuest malware may not be ransomware after all \| Malwarebytes Labs |