Updating Apple iOS will protect you from this fake ransomware attack

Need another reason to update to iOS 10.3? Doing so will protect you from this fake ransomware attack.

Lookout researchers warned of a campaign involving fake ransomware attacks that attempt to extort money from users of mobile Safari. Victims are accused of accessing illegal pornography and the browser appears to be locked up unless a “ransom” is paid.

“Your device has been locked for illegal pornography,” the message stated on a site with security agency icons such as NSA and Interpol at the bottom of the page. An overlay pop-up warned that Safari “cannot open page” with “OK” underneath the message. However, the dialog would not go away no matter how many times the victim tapped “OK.”

Lookout said, “Each time he tapped ‘OK’ he would be prompted to tap ‘OK’ again, effectively putting the browser into an infinite loop of dialog prompts that prevented him from using the browser.”

A different message on police-pay[.]com instructed victims to pay a fine of 100 pounds – roughly $125 – with an iTunes pre-paid card.

There were similar “ransomware” warnings accusing victims of accessing pirated music.

But it wasn’t actually ransomware locking up Safari; it was scareware. Lookout researchers said, “The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk.”

The attackers were using JavaScript pop-ups to keep Safari in an endless loop until the ransom was paid. No data was actually encrypted. Lookout explained:

The attack code creates a popup window, which infinitely loops until the victim pays the money. The ransom is paid by sending, via SMS, an iTunes gift card code to a phone number displayed on the scam website. The pop-up window error dialog on newer versions of iOS is actually the result of Mobile Safari not being able to find a local URL lookup, so it fails, but keeps presenting the dialog message due to the infinite loop in the code.

When Apple released iOS 10.3 earlier this week, it closed the attack vector by changing how Safari handles pop-up dialogs. If you have updated and surf onto a pesky site using mobile Safari now, you can close that tab instead of having the entire app locked up.

Victims of the scareware campaign who use older mobile Safari versions could clear the cache to regain control of the browser. Lookout called it a “quick fix” – go to Settings > Safari > Clear History and Website Data. “Once a person erases all web history and data, effectively starting Safari as a fresh app, the ransom campaign is defeated.”
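
The difference between the old and new dialog handling, and why clearing website data works on older versions, can be walked through with a toy state model. This is an added illustration, not Lookout's or Apple's code; the class, its method names, the example URLs and the assumption that a relaunched browser reopens its previously open tabs are all hypothetical.

```javascript
// Added illustration: a toy model of dialog handling, not Safari source code.
// Assumption: open tabs are persisted with website data and reopen on relaunch.
class BrowserModel {
  constructor(dialogScope) {        // "app" = older behaviour, "tab" = iOS 10.3
    this.dialogScope = dialogScope;
    this.tabs = [];                 // open tabs (assumed to survive a relaunch)
    this.pendingDialog = null;      // tab whose dialog is on screen, if any
  }
  open(url, { reRaisesDialog = false } = {}) {
    const tab = { url, reRaisesDialog };
    this.tabs.push(tab);
    if (reRaisesDialog) this.pendingDialog = tab;
    return tab;
  }
  tapOk() {                         // a looping page raises the next dialog at once
    if (this.pendingDialog && !this.pendingDialog.reRaisesDialog) this.pendingDialog = null;
  }
  closeTab(tab) {                   // app-scoped dialogs swallow every other input
    if (this.dialogScope === "app" && this.pendingDialog) return false;
    this.tabs = this.tabs.filter((t) => t !== tab);
    if (this.pendingDialog === tab) this.pendingDialog = null;
    return true;
  }
  relaunch() {                      // force-quit and reopen: restored tabs reload
    this.pendingDialog = this.tabs.find((t) => t.reRaisesDialog) || null;
  }
  clearHistoryAndWebsiteData() {    // Settings > Safari > Clear History and Website Data
    this.tabs = [];
    this.pendingDialog = null;
  }
  usable() {                        // can the user do anything besides tap "OK"?
    return this.dialogScope === "tab" || this.pendingDialog === null;
  }
}

function runScenario(dialogScope) {
  const b = new BrowserModel(dialogScope);
  b.open("https://news.example/");                           // constructed URLs
  const bad = b.open("https://scareware.example/", { reRaisesDialog: true });
  for (let i = 0; i < 25; i++) b.tapOk();                    // victim keeps tapping
  const afterTaps = b.usable();
  const tabClosed = b.closeTab(bad);
  b.relaunch();
  const afterRelaunch = b.usable();
  b.clearHistoryAndWebsiteData();
  return { afterTaps, tabClosed, afterRelaunch, afterClear: b.usable() };
}
```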

Lookout reportedly discovered the attacks in the wild last month and shared the details with Apple.

The attack had previously been documented on a Russian website, Lookout said. The attackers purchased numerous domains to use in this campaign, and the message displayed to each victim was based on his or her country code identifier. Each message had a different email address to contact and appeared to be part of a wider phishing campaign.

Lookout advised iOS users to update to version 10.3. Millions of users have already done so and most articles are full of praise for Apple’s newest iOS update. For the geeky, Apple also published a new iOS security whitepaper (pdf).

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues.
