Mac Users Targeted by Fake FBI Notices from Ransomware Websites

Malwarebytes reports on a method cyber-criminals have long used against Windows users, and are now using to target Mac users. “Ransomware,” the hijacking of a user’s browser with a notice demanding a $300 payment to release control of the application, has long been the bane of Windows users, but Mac users have only rarely seen efforts such as this targeted against them.

Malwarebytes, via MacRumors:

The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.

Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”

The ransomware is not a sophisticated trojan or a hijacking of the browser software in OS X; it is merely a webpage that uses JavaScript to load 150 iframes, each of which requires the user to confirm its dismissal. The authors behind this piece of deviousness hope that users simply give up in the midst of dismissing the dialog boxes, and pay the $300 “ransom.”

A feature in OS X that reopens previously open windows when relaunching an app means users cannot simply close and reopen Safari to escape the notices. Users can, however, hold down the Shift key while relaunching Safari, and that will open the browser sans the previous session’s windows and tabs. The feature can also be disabled in the “General” pane of System Preferences by making sure “Close windows when quitting an application” is checked.

The report notes that users are being targeted based on popular search terms; one example cited is an image search result for Taylor Swift on Bing, as seen in the video below.