Mac Attack: Ransomware Targets Safari

Thursday, July 18, 2013 @ 04:07 PM gHale


Windows for quite some time now has had a monopoly on suffering from the ravages of ransomware, but now it appears Macs are joining in on the “fun.”

There is now a strain of Mac OS X ransomware, also known as “scareware,” which essentially takes a victim’s computer hostage until they pay a certain fee to unlock it, said researchers at security firm Malwarebytes.

RELATED STORIES
Ransomware Forces Survey on Victim
Music App a Political Android Trojan
Android Master Key Open to Attack
Skype Android Vulnerability

In the case of the threat Malwarebytes found, users, after visiting a website filled with malicious code, had their browsers hijacked and then they received a message claiming to come from the FBI, senior security researcher Jerome Segura said in a blog post.

The faux alert tries to intimidate the victim with a legitimate-looking post that says their “browser has been blocked” because their computer either violated copyright laws, viewed porn or initiated some type of illegal access.

The scam demands $300 from the victim, who can pay it through Green Dot MoneyPak by purchasing a prepaid card and transferring the value to the attackers.

Paying the scammers is not what anyone recommends, but neither is trying to “force quit” the web page containing the bogus threat, said Malwarebytes researchers. Because of the Safari browser’s auto-restore feature, the page only will return when the browser starts back up.

Instead, users should click on the “Safari” tab on the navigation bar and choose “Reset Safari,” ensuring all of the boxes are checked. Then hit “Reset.”

The ransomware comes from websites where victims end lured after searching for popular search terms, Segura said. For example, Segura stumbled upon the scam after searching for “Taylor Swift” on Bing Images. Segura did not say how widespread the threat is.

Windows users have seen this type of threat before, but attackers appear headed in the same direction on Macs.



Leave a Reply

You must be logged in to post a comment.