Warning: Ransomware Targeting Macs Poses as FBI Demand for $300


Ransomware targeting Apple's Safari browser on Macs has been found in the wild by MalwareBytes. The ransomware exploits JavaScript to hijack a browser window with a fake FBI-branded accusation that the user is distributing child porn and an offer to let bygones be bygones for a mere US$300.

From MalwareBytes:

Warnings appearing to be from the FBI tell the victim: 'you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.'

Such malware is called ransomware because it usually takes over a PC in its entirety. This ransomware is more like nuisanceware—it doesn't take over either your Mac or your browser, but rather uses JavaScript to open 150 dialog boxes that each require dismissing before you can close the browser window.

[Image: An Example of this Ransomware]

One might immediately scoff at such a demand, especially if one is savvy about the world or technology. The FBI obviously isn't in the practice of notifying people via a webpage that they have been distributing illegal pornography, and it is somewhat less in the practice of letting them off with a relatively small fee.

It turns out that the world is full of people who are not savvy. To wit, Nigerian "princes," "bankers," and "biusnasmenn" [I saw that spelling in one phishing attempt] send out billions of scam emails for a reason. A tiny, tiny percentage of people fall for this stuff.

Users can force-quit Safari, but in Mountain Lion it will reopen with the same windows open. If you hold the shift key when opening Safari, it will do so without opening windows from the prior session. MalwareBytes also notes that resetting Safari will do away with the problematic window, but that's far more onerous than the shift-force-quit method.

The bad guys are targeting users with search results in popular search terms. MalwareBytes noted that an image returned in a Bing search for "Taylor Swift" resulted in the ransomware attack.

Note that MalwareBytes is hit and miss as of this writing.

[Via MacRumors]

So this FBI thing was a scam? And I didn’t need to pay - Well, good thing for me, I’ll be getting my money back, believe you me! No Nigerian princess, she, (wouldn’t fall for that old thing) but thanks to that very nice Nigerian widow, I’ll get back my $300, and then some. We’ll see who has the last laugh then, now won’t we. Ha! Ha-ha—hah!

On a more serious note, I find that I get most of these money schemes, indeed the overwhelming majority, including winning the national lottery in Britain, Ireland and France, on my foreign-registered email account in Asia, not to mention the phishing scams about my mail over-flow and the need to send in my password to the ‘Administrator’, but all of the women trafficking adverts as well (Meet Nice Asian Women or Olga from Russia Really Wants to Meet You). Really, now? ‘Olga’ or whomever sent that spam is more likely some burly guy with a pot-gut, a three-day stubble and bad breath than the svelte buxom blonde in the photo.

Undoubtedly, many of those who fall victim to these scams are denizens of emerging markets and less developed countries, many of whom have had less exposure or are relatively new to the internet. When internet banking first came to Singapore back in the early-mid 2000’s, on a visit, I happened to read in the local papers how many customers had fallen victim to some very simplistic phishing scams, with substantial impact on the banking sector.

This will no doubt continue, as more come on board, and people who can least afford it fall prey.
