detection icon

Short bio

Ransom.OSX.EvilQuest is Malwarebytes’ detection name for a ransomware variant targeted at macOS systems.

Type and source of infection

Ransom.OSX.EvilQuest is ransomware of the type that encrypts files and thean asks for a ransom to decrypt them. Ransom.OSX.EvilQuest was distributed as a Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links.

fake Little Snitch


It is unclear if the encrypted files can actually be recovered. And there are possibly stolen data sent to a C&C server

ransom prompt


Malwarebytes for Mac detects and removes Ransom.OSX.EvilQuest


Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.