A new data wiper and info-stealer called EvilQuest is using ransomware as a decoy to steal files from macOS users. The  victims get infected after downloading trojanized installers of popular apps from torrent trackers.

While not common, ransomware has been known to target the macOS platform in the past, with KeRanger, FileCoder (aka Findzip), and Patcher being three other examples of malware designed to encrypt Mac systems.

EvilQuest was first spotted by K7 Lab malware researcher Dinesh Devadoss and analyzed by Malwarebytes’ Director of Mac & Mobile Thomas Reed, Jamf Principal Security Researcher Patrick Wardle, and