A new malware called ThiefQuest is using ransomware as a decoy to steal files from Mac users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. The malware includes the capability to check if it’s running in a virtual machine (more of a sandbox check) and it features anti-debug capabilities. It also checks for some common security tools (Kaspersky, Norton, Avast, Bitdefender, DrWeb, Mcaffee, and Bullguard) and opens a reverse shell used for communication with its command-and-control server.
Source: https://www.bleepingcomputer.com/news/security/thiefquest-ransomware-is-a-file-stealing-mac-wiper-in-disguise/