New Malware Attack Hits OS X, Holds Safari Hostage

July 17, 2013

Does Mac OS X need anti-virus softwareWell Apple users, you can no longer claim immunity from malware and virus attacks: Security firm Malwarebytes spotted a new JavaScript vulnerability targeting Mac OS X users with a Safari-specific exploit. The attack is a simple ransomware attack where an attacking site holds a computer hostage for a nominal fee — in this case $300.

PC users have been hit by these attacks, which usually accuse the victim of violating copyright or visiting pornographic websites, for years. This particular attack uses a JavaScript code to keep a user from browsing the Internet. Using Safari’s “restore from crash” feature, the attack also automatically loads the faux FBI site after a force restart, effectively barring the user from the Internet.

Those afflicted are blasted with the following messages:

“You have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”

And:

“Your browser has been locked. all PC data will be detained and criminal procedures will be initiated against you if the fine will not be paid.”

The scam demands a user purchase a Green Dot MoneyPack card (sold at local convenience stores) in order to transfer funds to the scammers, who’ll then (allegedly) remove the ransomware from a user’s computer.

It’s all bunk, of course, but it’s a fairly well-crafted social engineering attack complete with intimidating fonts, official looking graphics and an apparent fbi.gov URL: fbi.gov.id657546456-3999456674.k8381 . com (for obvious reasons we’re not linking to it). The attack also displays a user’s current IP address, city and state for the extra fear factor.

There are, however, a few ways around the ransomware. The first method is to click on the Safari menu, pick “Reset Safari,” select all items before resetting your browser. Users can also hold down their shift key while restarting Safari to keep tabs from opening.

As Malwarebytes notes, it always pays to throughly review and research a threatening message on the Internet. If you feel you’re effectively cut-off, try accessing the Internet at your local library for research or simply look up information on your smartphone. Finally, if you’re at a complete loss, try asking your resident computer expert and/or repair shop. They should be able to set you right for a — far cheaper — nominal fee.

Be Sociable, Share!

3 Responses to “New Malware Attack Hits OS X, Holds Safari Hostage”

  1. dvous:

    Those instructions to get around the problem are only going to be valid if access to the Safari menu and/or the “Reset Safari” command have not been blocked by the ransomware.

    This is commonly the case with malware that hijacks a Windows box, particularly the exploit that accuses the victim of illegal/porn activity. In such cases, often access to the Task Manager and other system recovery resources within the OS are blocked. In the last case I dealt with, the box was hijacked immediately on boot-up. Even access to the desktop was blocked.

  2. Bryan Buggins:

    I have Mac OSX and thank you for sharing this. You could really help in preventing this malware problem.

  3. Michael Mayday:

    Dvous,

    Thanks for the comment, and, of course, you’re right. as far as I’m aware, however, this isn’t the case for the Mac OSX virus, though that could easily change in the near future. Ransomware is some scary stuff — do you have any advice on how to prevent such malware from infecting Windows/Mac computers?

Leave a Reply:


Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPad news

RSS iPhone & Touch

RSS Mobile technology news

RSS Tablet computer news

RSS Buying guides

RSS PS3/Wii/Xbox 360

RSS Green technology

RSS Photography

Featured Content

Archives

Copyright © 2014 Blorge.com NS