iPhone Users Tricked With Crafty Ransomware Using Safari Vulnerability

If you haven’t noticed yet, there is a new iPhone update to version 10.3. It was just released to fix a vulnerability that would allow a popup box to be displayed and then put into a continuous loop in the Safari browser. This was found by security company Lookout and reported to Apple for a fix. Since the patch has been released, details have surfaced about how that hole was, and still is being used by attackers as a way to trick victims out of money.

Within Safari, if a phishing attack is successful, a popup appears
on select pages that accused victims of accessing illegal pornography or pirated music. The messaged claimed that all data on the phone was locked and would not be unlocked unless a code for an iTunes gift card in the sum of approximately $125 was sent to a specific mobile phone number. When the “OK” button was clicked, it just kept cycling in a loop and would not go away.

However, the popup appearing to be a form of ransomware was actually fake. The devices don’t get locked, but the attackers are using scareware in the hopes that victims send money before they realize that all they have to do to clear the dialogue box is clear the Safari browser cache.

Many think that Apple devices are safer than other operating systems. However, this ploy shows that nothing is invulnerable to cyber trickery or scams. Regardless of the operating system running on a device, it should always be kept up-to-date with the most recent patches and software versions.

In addition, use caution when browsing the Internet. It’s very easy to mistype a URL and go to the wrong page. Cyber thieves count on this happening and purchase domains that are so similar to popular sites; even one character off, that people often will make typos and land on those rogue pages. This is called typosquatting or domain jacking. If you are manually typing in an address, review it before hitting the “return” key.

In this case, the attackers purchased several domains and used the country code from victims’ devices to determine the popup message that was displayed. They also used icons such as logos from the National Security Agency (NSA) or Interpol to further legitimize the sites. Always be careful about clicking on links or attachments that arrive in email as well. If you don’t know the sender or are not expecting it, verify it’s real before clicking it. Often, scams like these are successful because someone didn’t do that.

© Copyright 2017 Stickley on Security