Hackers Target Macs with Ransom Threat for Web Surfing


Hackers have found a way to use some basic JavaScript code to trick unsuspecting Mac users into paying US$300 for surfing the Web. The threat tricks users into thinking they have been viewing or distributing pornographic content by hijacking Safari and displaying a warning that appears to come from the FBI.

The scam doesn't rely on system vulnerabilities. Instead, it loads a webpage whose JavaScript code loads 150 iframes to display the message over and over, according to Malwarebytes. When users force quit Safari, the iframes reload the next time the app is launched, thanks to Safari's built-in restore-from-crash feature.

Since the threatening warning is set to reload 150 times, victims are more likely to assume they really have been locked out of their Web browser and pay the ransom.



If you do fall victim to the scam, you can break the warning loop by pressing Command-Option-Escape to force quit Safari, then holding down the Shift key while relaunching to stop the auto-reload of webpages. You can also kill the ransom loop by choosing Safari > Reset Safari, which will clear your history, autofill data, saved names and passwords, and more.

The threat states, "you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300," which sounds pretty ominous, especially when coupled with an FBI symbol.

This ransom scam isn't a system-level security threat, so Apple doesn't need to release a software update to address it, although the company will most likely roll out an update to OS X's built-in malware protection list that helps block the ransom dialog from appearing.

If you see warnings in your Web browser saying you did something wrong and must now pay a fine, it's a scam.

The Mac Observer Spin

This isn't malware, or a vulnerability in JavaScript. Instead, it's simple social engineering that tricks people into thinking they did something wrong and must now pay a $300 fine.




Does it affect Firefox and Chrome too?

Lee Dronick

The jerks will probably start to use it for other purposes, get passwords and such.


The last I’ve heard, porn (except child porn) is legal to distribute. So I would say bullshit to their warning, but I know some people who’d freak out and pay.


Hasn’t affected my Firefox.
