FBI ransomware scam finds new home on the Mac

Long a scourge for Windows customers, a difficult-to-remove threat known as "ransomware" is targeting Safari users as well.

Researchers at security firm Malwarebytes reported Monday that they have discovered a strain of Mac OS X ransomware, also known as "scareware," which essentially takes a victim's computer hostage until they pay a certain fee to unlock it.

In the case of the threat that Malwarebytes came across, users, after visiting a website that had been seeded with malicious code, have their browsers hijacked and receive a message claiming to come from the FBI, senior security researcher Jerome Segura explained in a blog post.

The faux alert tries to intimidate the victim with a legitimate-looking post that says their "browser has been blocked" because their computer was used to either violate copyright laws, view porn or initiate illegal access. (In some instances, this type of threat claims users' computers are infected by malware, and they must pay a fee to remove the infection.)

The scam demands $300 from the victim, which can be paid through Green Dot MoneyPak by purchasing a prepaid card and transferring the value to the fraudsters.

Paying the scammers is not a recommended option, but neither is trying to "force quit" the web page containing the bogus threat, according to Malwarebytes. Because of the Safari browser's auto-restore feature, the page will simply return when the browser is started back up.

Instead, users should click on the "Safari" tab on the navigation bar and choose "Reset Safari," ensuring all of the boxes are checked. Then hit "Reset."

The ransomware is being served from websites to which victims are lured after searching for popular terms, Segura said. For example, he stumbled upon the scam after searching for "Taylor Swift" on Bing Images. Segura did not say how widespread the threat is.

Windows users are well inured to this type of threat, but there have been hints that crooks are heading in the same direction on Macs. In 2010, security researchers discovered what is believed to be the first-ever proof-of-concept (PoC) ransomware code targeting Mac OS X.
