Fake Police Ransomware Scam

Cyber Criminals used JavaScript from another domain to trick users into believing that their devices had been compromised by a police ransomware.

Apple Inc issued a quick iPhone software update to iOS (10.3) recently when its customers reported a series of ransomware attacks targeting Safari browser.

It all started in February 2017 when iPhone users were targeted with a ransomware note accusing them of watching X-rated and pirated content. 

Furthermore, the cyber criminals claimed that it will be impossible to remove the ransomware until a sum of USD 124 (Euro 115) in the form of iTunes gift card is sent to a particular phone number.

The ransomware note was phony since clearing Safari browser’s cache would allow users to access the browser again. 

The crooks were taking advantage of JavaScript in order to trick users into believing that their browser has been compromised due to illegal activities.

The JavaScript in this attack was taken from a website called pay-police.com and was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appeared to DOS (denial of service) the browser.

The researchers at IT security firm Lookout wrote in their blog post that “the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realises he doesn’t have to pay the ransom to recover data or access the browser.”

Simply put, the cyber criminals were abusing Safari browsers to scare unsuspecting users into pay money, however, Apple took the treat seriously and issued the update before these elements could further abuse the browser settings.

This is not the first time when Apple’s Safari browser has been used for malicious purposes. Previously, a critical flaw allowed state actors to use Safari browser to hack celebrities, activists and journalists.

It is a fact that Apple devices are the prime target for scammers and cyber criminals. Recently a group of hackers calling themselves Turkish Crime Family threatened to wipe up to 300 million iPhones unless Apple paid a massive amount in ransom.

HackRead

You Might Also Read: 

Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness:

Browser Autofill Can Be Used To Steal Data:

Targeted Ransomware Attacks Are Focusing On Business:

 

 

« Drones, Satellites And Cyber Warfare
US Intelligence Agencies Fear Insiders As Much As Spies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Happiest Minds Technologies

Happiest Minds Technologies

Happiest Minds offers domain centric solutions in IT Services, Product Engineering, Infrastructure Management and Security.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

GCHQ Apprenticeships

GCHQ Apprenticeships

GCHQ, the UK intelligence and security organisation, offers a unique three-year Cyber Security Degree Apprenticeship with employment on successful completion.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

CyberGuard Technologies

CyberGuard Technologies

CyberGuard Technologies provides a suite of fully managed end-to-end security services from its 24/7 UK security operations centre.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Progress Partners

Progress Partners

Progress Partners is a corporate advisory firm that works with buyers and sellers of emerging growth companies to complete M&A or private placement transactions. Our sectors include cybersecurity.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Netox

Netox

Netox is a comprehensive IT service provider that combines IT support services, IT solutions and specialist services; specializing in cybersecurity solutions.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.