Ransomware Websites Posing as FBI Targets Mac OS X — How to Stop it

Contrary to popular belief, Macs and OS X are susceptible to malware. An interesting ‘Ransomware’ attack is going around hitting users of Safari in OS X.

OS X Ransomware Safari

Some thieving crooks have started targeting OS X users with something called ransomware. Basically, you will get a notice claiming to be from the FBI. It says that you must pay $300 so that you can use Safari again.

OS X Malicous Code in Safari

The notice is something like this:

you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.

The worst part is that if you choose to wisely ignore the message, it is put in an infinite loop-like stage. It uses Javascript to load 150 frames, and you must click through all of them. Furthering the problem is that Mac Apps launch where you left them. That in itself is normally convenient, but in this case it can make things bad. Rather than starting with a fresh browser window, if you quit Safari, it will reopen exactly where you left off–with the stupid ransomware message staring at you again. This is an old hack Windows users suffered from in IE for quite some time, and now the idea has now been ported to OS X. It leverages Safari’s Restore from Crash feature to keep coming back.

We haven’t encountered this ourselves. We hope we don’t; it looks annoying. The best thing you can do when this happens is to reset Safari. Do this in the Safari menu. All items in the “Reset Safari” menu should be checked off. This will clear history, cache … everything. When you relaunch Safari, it won’t start where you left off.

Also, MacRumors suggests an even easier way. Hold down the Shift key while you relaunch Safari. This will ensure that the software doesn’t launch with your last window open. Let’s hope these folks a shut down quickly.

The other solution is one of these guys over the Enter key :)


For more details on this OS X Safari exploit, check out the MalwareBytes blog.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top