Impersonating the Google Software Update program, the EvilQuest wiper has been found targeting macOS with almost zero detection. This new piece of macOS ransomware was found in pirated versions of popular macOS software shared on popular torrent sites. This method of infection is common and, at least at some level, successful. The malware encrypts files and leaves a ransom note.
When opened, the .txt files look like this:
It appears to handle tasking from a command and control server (andrewka6.pythonanywhere[.]com). Such tasking includes:
Armed with these capabilities, the attacker can gain full control over an infected host!