Warning: Ransomware Targeting Macs Poses as FBI Demand for $300

Ransomware targeting Apple's Safari browser on Macs has been found in the wild by MalwareBytes. The ransomware is exploiting Javascript to hijack a browser window with a fake FBI-branded accusation that the user is distributing child porn and an offer to let bygones be bygones for a mere US$300.

From MalwareBytes:

Warnings appearing to be from the FBI tell the victim: 'you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.'

Such malware is called ransomware because it usually takes over a PC in its entirety. This ransomware is more like nuisanceware—it doesn't take over either your Mac or your browser, but rather uses Javascript to open 150 dialog boxes that each require dismissing before you can close the browser window.

Ransomware Example

An Example of this Ransomware
(Click the image for a larger version)

One might immediately scoff at such a demand, especially if one is savvy about the world or technology. The FBI obviously isn't in the practice of notifying people via a webpage that they have been distributing illegal pornography, and it is somewhat less in the practice of letting them off with a relatively small fee.

It turns out that the world is full of people who are not savvy. To wit, Nigerian "princes," "bankers," and biusnasmenn" [I saw that spelling in one phishing attempt] send out billions of scam emails for a reason. A tiny, tiny percentage of people fall for this stuff.

Users can force-quit Safari, but in Mountain Lion it will reopen with the same windows open. If you hold the shift key when opening Safari, it will do so without opening windows from the prior session. MalwareBytes also notes that resetting Safari will do away with the problematic window, but that's far more onerous than the shift-force-quit method.

The bad guys are targeting users with search results in popular search terms. MalwareBytes noted that an image returned in a Bing search for "Taylor Swift" resulted in the ransomware attack.

Note that MalwareBytes is hit and miss as of this writing.

[Via MacRumors]