Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OS X Users Hit by Ransomware Websites Posing as FBI Notices

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,524
30,823



Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.

Warnings appearing to be from the FBI tell the victim: "you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300."
Click to expand...
safari_fbi_ransomware.jpg
Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.

The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.

Article Link: OS X Users Hit by Ransomware Websites Posing as FBI Notices
 
Article Link
https://www.macrumors.com/2013/07/16/os-x-users-hit-by-ransomware-websites-posing-as-fbi-notices/
notjustjay

notjustjay

macrumors 603
Sep 19, 2003
6,056
167
Canada, eh?
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
 
R

ryansimmons323

macrumors regular
Oct 5, 2011
230
83
United Kingdom
Well at least it only blocks the browser. I've had to fix 2 Windows machines for people with these things and they completely lock the whole system as well as installing a load of crap with it.
 
Nightarchaon

Nightarchaon

macrumors 65816
Sep 1, 2010
1,393
30
this is why that feature was the 1st thing i turned off when i upgraded my macbook pro/bought my new iMac

Useless Feature IMO, i use a script to start up the programs i need with a single click, and tie that to startup. i prefer clean starts when i restart a program, not a cached copy of the program from earlier

This is why we need to Kill Java as well as flash, ASAP
 
Tankmaze

Tankmaze

macrumors 68000
Mar 7, 2012
1,707
351
good PSA from macrumors!

Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.
Click to expand...

this is true, it can even fool me (consider myself as a geek).
 
D

deKay

macrumors newbie
Feb 5, 2013
3
0
notjustjay said:
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature.
Click to expand...

But when you use ForceQuit does it not just load the homepage from your preferences? So to "solve" the problem you just go there and set it back to apple.com, google.com or whatever?

primalman said:
Who falls for a thing that says its the FBI and to pay a fine you use gas station money cards? Really?
Click to expand...

Way too many people.
 
scbn

scbn

macrumors 6502
Jul 25, 2010
272
22
Let me guess: those blackmailing guys are from Eastern Europe or Russia?
 
TMRaven

TMRaven

macrumors 68020
Nov 5, 2009
2,099
1
If the fbi finds out you're distributing child porn you're going to jail, not paying 300 dollars. Hahaha.
 
SandboxGeneral

SandboxGeneral

Moderator emeritus
Sep 8, 2010
26,482
10,051
Detroit
This is the perfect use of NoScript for Firefox and ScriptNo for Chrome.

These excellent extensions for each browser prevents these types of things from running without user authorization.

Edit: Looks there is an extension for Safari: http://javascript-blocker.toggleable.com/

Regarding the extension for Safari, there is a disclaimer associated with it. It turns out, due to Apple, this extension isn't as robust and powerful as those for Chrome or Firefox. but should nontheless help out.
*Unlike NoScript, this tool only blocks scripts when they are loaded from an external file or a data URI. What this means is that any scripts that are within the page itself can still run. Usually this is enough to remain safe on the web and block trackers, advertisers, etc. Unfortunately this is a limitation of the Safari extension design, not mine.
Click to expand...
 
Last edited:
dernhelm

dernhelm

macrumors 68000
May 20, 2002
1,649
137
middle earth
notjustjay said:
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
Click to expand...

Exactly. That's one of the first things I do when I help someone else with any problem with their Mac. That "feature" should never have been enabled by default. Its one of those "sounds great when you discuss it, but doesn't work in practice" type features.
 
bacaramac

bacaramac

macrumors 65816
Dec 29, 2007
1,424
100
Wow, at least make it more believable. Pay $300 to unlock browser? Ok, why don't you at least write something along the lines

"There was a new law that passed that allows settlement of these fines at $300. You may pay the $300 settlement fine now or legal action may pursue against you. You will have the right to defend your case in court. blah blah"

At least make the $300 believable. Who falls for this crap, seriously.
 
J

jonAppleSeed

macrumors regular
Mar 21, 2013
200
0
Apple users are more willing to pay for digital things.
I wonder if the a$$hat who is doing this had that in mind.
 
E

everything-i

macrumors 6502a
Jun 20, 2012
827
2
London, UK
Pretty obviously fake, as if the FBI would use phrases like 'child porno photos and etc were found on your computer'. Still I suppose it only takes a very small fraction of people seeing this to pay up to make the criminals a decent amount of cash.
 
Eidorian

Eidorian

macrumors Penryn
Mar 23, 2005
29,190
386
Indianapolis
notjustjay said:
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
Click to expand...
Apple's "helpful" defaults are more annoying than anything else.
 
A

ArmCortexA8

macrumors 65816
Feb 18, 2010
1,074
205
Terra Australis
Honestly, if people really fall for these tricks they should not be anywhere near a computer and they deserve to be ripped off - hopefully they might learn from it. For god's sake the URL alone is enough to make you realise its dodgy. People should NOT be told to keep pressing OK buttons on dialogue boxes as this can introduced more problems. Notice the user in the video did not got to preferences and change the home page, or Hold shift and Start safari either.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom