"New EvilQuest macOS Ransomware is a Smokescreen For Other Threats"

A new macOS ransomware dubbed EvilQuest was first spotted in late June by a malware researcher with K7 Lab.  The ransomware was impersonating the Google Software Update program.  The ransomware is usually delivered bundled up with pirated versions of popular macOS software.  The ransomware is used as a smokescreen by adversaries and its  “noisiness”, is used to hide other things happening on the system in the background like the installation of a keylogger and a reverse shell, and the exfiltration of files that contain valuable information.  

Help Net Security reports: "New EvilQuest macOS Ransomware is a Smokescreen For Other Threats"