Users who have torrented copies of Ableton Live and Mixed In Key for macOS may be exposing themselves to ransomware. Findings from Dinesh Devadoss show that the malware known as ThiefQuest is targeting Apple Mac systems and carries a set of spyware capabilities that pose a serious threat to users.
ThiefQuest is able to exfiltrate files from an infected Mac, scan the system for passwords and cryptocurrency wallet data, and run a keylogger to capture passwords, bank details, and other financial information a user types in. It also lurks on the system as a backdoor, so even after a reboot it can launch ‘second stage’ attacks. Malware like this is rare on Macs, so the fact that ThiefQuest exists at all should be a wake-up call to many music technologists, artists, and producers.
Once it is on your drive, it attacks by encrypting your system, stopping you from opening your files. A pop-up box then tells you that the only way to reclaim your data is to pay a ransom of $50 in Bitcoin. Whether you would actually regain access to your files is another question: no user is yet known to have paid the ransom to the attackers.
Fortunately, it is very unlikely that the average music producer will be infected with ThiefQuest. If you are a frequent torrent user, though, your chances are somewhat higher. macOS displays a series of warnings that you have to dismiss manually before the ransomware can run on your computer, which for most people will raise a red flag. Those used to pirating software are probably also used to ignoring these messages, however, putting them at higher risk of infection.
According to WIRED, Devadoss says the malware is designed to look like a ‘Google Software Update program’. So far, though, researchers say it does not appear to have been downloaded in significant numbers.
This is, essentially, a blunt warning to producers looking to crack software: don’t do it. Download software from trusted sources, where the developer’s code is ‘signed’ by Apple to prove its legitimacy. And, as always, keep your data safe and make use of backups, so that in the worst case you can simply restore your system to its state before the infection.
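The advice above rests on two things a Mac user can actually check before the first launch of a downloaded app: whether its code signature verifies, and whether Gatekeeper would accept it. The script below is an added example, not code from the original article or from any of the products it mentions. It assumes the standard macOS tools `xattr`, `codesign` and `spctl` are present; the bundle path, the sample `spctl` output lines and the "Example Corp" developer name are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-launch check of a downloaded macOS app bundle.
# Assumes macOS with xattr(1), codesign(1) and spctl(8). The parsing helper
# runs anywhere; the bundle check reports when the tools are missing.

# classify_assessment: reduce the verbose output of `spctl --assess` (which
# it writes to stderr) to "verdict|source", e.g. "accepted|Notarized Developer ID".
# A bundle is accepted only if the "accepted" verdict line is present.
classify_assessment() {
    verdict=unknown
    source=-
    while IFS= read -r line; do
        case "$line" in
            *": accepted"*) verdict=accepted ;;
            *": rejected"*) verdict=rejected ;;
            source=*)       source=${line#source=} ;;
        esac
    done
    printf '%s|%s\n' "$verdict" "$source"
}

# check_bundle PATH: 0 = signature valid and Gatekeeper accepts,
# 1 = unsigned, tampered or rejected, 2 = required tools not installed.
check_bundle() {
    bundle=$1
    for tool in xattr codesign spctl; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not available (not macOS?)"; return 2; }
    done

    # 1. Gatekeeper only assesses files carrying the quarantine flag that
    #    browsers set on downloads; a stripped flag means no warning dialog.
    if xattr -p com.apple.quarantine "$bundle" >/dev/null 2>&1; then
        echo "quarantine flag present: Gatekeeper will assess on first launch"
    else
        echo "WARNING: no quarantine flag, Gatekeeper will not warn about this bundle"
    fi

    # 2. Verify the signature over every nested binary (--deep) with strict rules.
    if ! codesign --verify --deep --strict "$bundle" 2>/dev/null; then
        echo "signature INVALID or absent: $bundle"
        return 1
    fi

    # 3. Ask Gatekeeper's policy engine whether it would allow execution.
    result=$(spctl --assess --type execute --verbose=2 "$bundle" 2>&1 | classify_assessment)
    case "$result" in
        accepted\|*) echo "Gatekeeper accepts ($result)"; return 0 ;;
        *)           echo "Gatekeeper rejects ($result)"; return 1 ;;
    esac
}

# Constructed sample outputs in the format spctl prints, so the parser can
# be exercised on any system.
SAMPLE_OK='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID)'
SAMPLE_BAD='/Applications/Example.app: rejected
source=no usable signature'

if [ -n "${1:-}" ]; then
    check_bundle "$1"
else
    printf '%s\n' "$SAMPLE_OK"  | classify_assessment
    printf '%s\n' "$SAMPLE_BAD" | classify_assessment
fi
```

Run it as `sh check_bundle.sh /Applications/SomeApp.app` on a Mac; the exit status is what a wrapper script or a user should act on. A cracked installer typically fails at step 2 (no usable signature) or has its quarantine flag stripped so that step 1 never triggers the dialogs the article describes.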