A JavaScript ransomware that exploits a Safari bug targets porn-addicted iOS users

But the remediation is really simple!


Andrew Blaich, Jeremy Richards and Kristy Edwards, security researchers at Lookout, have published research that exposes a new technique used by ransomware scammers to spread malware on iOS devices.

The attackers have been exploiting a flaw in Apple’s Mobile Safari that involves the way the browser displays JavaScript pop-up windows: the exploit code injected on multiple websites caused an endless loop of windows to be displayed in a way that prevented the browser from being used.

The attackers' websites then claimed that the only way users could regain use of their browser was to pay a fine in the form of an iTunes gift card code, to be delivered by text message.

Figure: Obfuscated array of JavaScript commands

In fact, recovering from the pop-up loop was as easy as going into the device settings and clearing the browser cache, but the scammers particularly targeted those who viewed porn or other controversial content, so that the choice of target also acted as a social engineering tactic:

Before the iOS 10.3 fix was available, the victim could regain access without paying any money. Lookout determined the best course of immediate action for the user who initially reported it was to clear the Safari cache to regain control of the browser. (Settings > Safari > Clear History and Website Data) Once a person erases all web history and data, effectively starting Safari as a fresh app, the ransom campaign is defeated.

To clear browser history on iOS: Settings > Safari > Clear History and Website Data

How to prevent the attack?

Apple patched the vulnerability on Monday with the release of iOS version 10.3, so all users are strongly encouraged to upgrade their Apple devices.
See https://support.apple.com/en-us/HT207617 for details.


References

  • More technical information in the Lookout article:

https://blog.lookout.com/blog/2017/03/27/mobile-safari-scareware/

  • iOS 10.3 release information:

https://support.apple.com/en-us/HT207617
