Ransom scam exploits Apple iOS Safari flaw to target porn viewers

The scareware campaign duped victims into paying a ransom.

Apple has fixed a security flaw in iOS exploited by scam artists to persuade victims to pay a fee to unlock the Safari browser.

This week, the iPad and iPhone maker released an update, iOS 10.3, which changes how Mobile Safari handles JavaScript pop-ups, eradicating an attack vector that allowed cyberattackers to utilize pop-up tabs to lock victims out of the browser.

Although the flaw is now patched, security experts from Lookout released research on Monday that describes how the handling of pop-up dialogues was used by scammers to make victims pay a ransom in return for restoring Mobile Safari functions.

According to the team, those most commonly targeted through this campaign were watchers of pornography and visitors to controversial or pirate websites.

The scam artists would target victims visiting specific web domains and would send a barrage of pop-up notifications that prevented the user from using the browser.

Together with a "Cannot Open Page" message from Safari, every time the victim clicked "OK," they would be forced to tap the button again, effectively creating an infinite loop of dialogue prompts.

Among the messages would be threats that the victim's device "has been locked," and in punishment, the user "has to pay 100 pounds with an iTunes pre-paid card" to restore access to the browser.

Playing upon this fear, the scammers registered domain names such as police-pay.com to make users believe that the adult or pirate material they were looking for had been detected by law enforcement and an automatic fine -- and locked browser -- was the result.

"The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device," the researchers noted.

The fear element to this campaign is critical to its success, as an informed user would need to do nothing more than clear the Safari cache via iOS settings to remove the problem -- and there was no need to pay anything as the attack does not encrypt any data or truly lock victims out of their browser.

Lookout researchers alerted Apple to the problem, which has now been patched in iOS 10.3. Apple has closed the security loophole by changing how Safari handles pop-ups, forcing them to open in tabs rather than taking over the entire application.
