OS X Users Hit by Ransom Malware Posing as FBI


Hopefully by now the notion has been dispelled that Macs, iOS and OS X are inherently more secure because, well, just because. All operating systems have security weaknesses; that is just a fact. If you’re not aware of this, it’s easily explained: up until a handful of years ago, if you wanted the largest possible audience to exploit with malware, Windows was the biggest target by far, so the bad guys designed their malware for it. Things have changed, though, and alternative products like Apple’s have gotten more attention from the parties that create and deliver nasty stuff to ruin your computing life, steal data, or just spy.

This latest incident was reported by Malwarebytes’ Unpacked blog yesterday. The issue here is “ransomware”: malware designed to hijack your computer and demand that you pay a fee to free it. (Here’s a hint: don’t pay it – your computer wouldn’t be set free if you did.) What’s surprising some people is that this latest piece claims to be a message from the FBI, telling users that they have committed one of a list of violations involving privacy or pornographic content, or even notifying them that they are infected with malware. Also, it’s affecting OS X machines. The infection, of course, claims to be able to release your browser for a $300 fee. The ruse is infecting systems when users search for popular keywords, and it appears to be coming from an FBI-type URL:

A quick look at the address bar shows an interesting URL: fbi.gov.id657546456-3999456674.k8381 . com, the bad guys are clearly trying to fool users.
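Why that address is not the FBI's: a hostname is controlled by whoever owns its rightmost registrable domain, so everything to the left is free-form. The following check is an added example, not code from Malwarebytes or this article; the trusted-name list and the multi-label suffix list are small constructed stand-ins for a real allowlist and the Public Suffix List.

```python
# Added example. TRUSTED and MULTI_LABEL_SUFFIXES are constructed, minimal
# lists (assumptions); production code should use the Public Suffix List.
TRUSTED = {"fbi.gov", "apple.com"}
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "gov.uk"}


def refang(host):
    """Undo simple defanging ('k8381 . com', 'k8381[.]com') for analysis only."""
    return "".join(host.split()).replace("[.]", ".").lower().rstrip(".")


def registrable_domain(host):
    """Return the domain that actually controls this hostname."""
    labels = refang(host).split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_trusted_name(host):
    """Return the trusted name imitated in the subdomain labels, or None.

    Suspicious means: a trusted name appears as a run of labels to the left
    of the registrable domain, and that registrable domain is not trusted.
    """
    owner = registrable_domain(host)
    if owner in TRUSTED:
        return None  # genuinely under a trusted domain
    labels = refang(host).split(".")
    sub = labels[: len(labels) - len(owner.split("."))]
    for name in TRUSTED:
        parts = name.split(".")
        for i in range(len(sub) - len(parts) + 1):
            if sub[i:i + len(parts)] == parts:
                return name
    return None


if __name__ == "__main__":
    # First host is the defanged one quoted in the article; second is a control.
    for h in ["fbi.gov.id657546456-3999456674.k8381 . com", "www.fbi.gov"]:
        print(registrable_domain(h), "| imitates:", embedded_trusted_name(h))
```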

The ransomware message is apparently quite persistent, and users may be inclined to try to pay their way out of it. Makes sense, I mean someone is making this stuff for a reason, right? Anyway, the ransomware page persists through repeated attempts to close Safari by packing itself into the “restore from crash” feature. Apparently there are a couple of fairly easy fixes that involve resetting Safari or restarting Safari while holding down the Shift key.

Scams like this have been part of the Windows landscape for a long time. There is real potential that people who have felt secure using what they believe is a “virus-free” system will fall for this hard. It’s an interesting piece of social engineering combined with financial motive, and it will only become more common with time. There are no reports thus far of how many systems may have been attacked by this particular issue.