Scareware scammers lock iOS Safari

Scareware scammers lock iOS Safari

Scareware scammers lock iOS Safari

Category : Blog

Scareware scammers lock iOS Safari

Scareware scammers lock iOS safari to extort ransom money from iOS users. As researchers Andrew Blaich and Jeremy Richards at the San Francisco- firm explain in a blog post based mobile security:

“The user reported that he had lost control of Safari after visiting a website and was no longer able to use the browser. The user provided a screenshot (below) showing a ransomware message from pay-police[.]com, with an overlaid ‘Cannot Open Page’ dialog from Safari. Each time he tapped ‘OK’ he would be prompted to tap ‘OK’ again, effectively putting the browser into an infinite loop of dialog prompts that prevented him from using the browser.”

The scammers get this infinite pop-up loop by using the fact that Mobile Safari handled pop-up dialogs on a per-app basis. In other words, if an iOS user encountered a JavaScript-based pop-up ad in Mobile Safari, they saw it across all their open tabs. Such behavior left many victims to use the app ie, unless they agreed to the attackers’ demands by sending over a SMS message containing a code for 100 pounds worth of iTunes gift cards.

Scareware scammers lock iOS Safari
The infection reported to Lookout occurred after the user visited pay-police[.]com. But this campaign, which leverages Javascript code stolen from another operation, uses multiple URLs to display different messages based on a user’s country code identifier. These payloads originate from unique phishing domains and email addresses, like “us.html networksafetydept@usa[.]com” for the United States and “nz.html cybercrimegov@post[.]com” for New Zealand.

Blaich and Richards elaborate on this point:

“The victim could regain access without paying any money. Lookout determined the best course of immediate action for the user who initially reported it was to clear the Safari cache to regain control of the browser. (Settings > Safari > Clear History and Website Data) Once a person erases all web history and data, effectively starting Safari as a fresh app, the ransom campaign is defeated.”

Apple has since made it even easier. With the recent update to iOS (version 10.3), the tech giant changed Mobile Safari’s handling of pop-ups to a per-tab basis. This means that users who encounter persistent pop-ups in Mobile Safari can now close out the affected tab and switch to another one.
To protect against this type of campaign, every users should avoid suspicious links and email attachments and should be careful about what websites they visit on all their devices.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Leave a Reply