Fake Police Ransomware Scam
Cyber Criminals used JavaScript from another domain to trick users into believing that their devices had been compromised by a police ransomware.
Apple Inc issued a quick iPhone software update to iOS (10.3) recently when its customers reported a series of ransomware attacks targeting Safari browser.
It all started in February 2017 when iPhone users were targeted with a ransomware note accusing them of watching X-rated and pirated content.
Furthermore, the cyber criminals claimed that it will be impossible to remove the ransomware until a sum of USD 124 (Euro 115) in the form of iTunes gift card is sent to a particular phone number.
The ransomware note was phony since clearing Safari browser’s cache would allow users to access the browser again.
The crooks were taking advantage of JavaScript in order to trick users into believing that their browser has been compromised due to illegal activities.
The JavaScript in this attack was taken from a website called pay-police.com and was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appeared to DOS (denial of service) the browser.
The researchers at IT security firm Lookout wrote in their blog post that “the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realises he doesn’t have to pay the ransom to recover data or access the browser.”
Simply put, the cyber criminals were abusing Safari browsers to scare unsuspecting users into pay money, however, Apple took the treat seriously and issued the update before these elements could further abuse the browser settings.
This is not the first time when Apple’s Safari browser has been used for malicious purposes. Previously, a critical flaw allowed state actors to use Safari browser to hack celebrities, activists and journalists.
It is a fact that Apple devices are the prime target for scammers and cyber criminals. Recently a group of hackers calling themselves Turkish Crime Family threatened to wipe up to 300 million iPhones unless Apple paid a massive amount in ransom.
You Might Also Read:
Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness:
Browser Autofill Can Be Used To Steal Data:
Targeted Ransomware Attacks Are Focusing On Business: