Targeting Apple mobile devices, it makes the user believe he or she has been the victim of a ransomware attack by using simple Javascripts to lock the Safari mobile browser into an endless loop, displaying a message that all the user’s files have been encrypted. It demands payment in the form of an iTunes gift card.
Fortunately, this malware doesn’t actually encrypt files. It merely relies on fear to get victims to pay up before they realize that it doesn’t pose a legitimate threat. Now, it poses even less of one, because engineers at Apple have reverse-engineered how the malware functions and closed the security hole that allowed the exploit to begin with.
If you haven’t already updated your iOS, grab the latest version today and get protected from this latest annoyance posing as a threat.
This, of course, only underscores the lengths that the hacking community will go to in an effort to get something of value from any unsuspecting user. Although scareware will probably never be as big as genuine ransomware, it’s certainly an innovative attack vector, and fear is a powerful weapon indeed.
What makes this particular strain so effective is that it also incorporates an element of shame, informing the user that the reason their device has been locked is because they’ve been surfing internet porn sites. The one-two punch of fear and shame has been sufficiently persuasive to convince a number of infected users to pay up before they even realize that none of their files have actually been encrypted.
We’re likely to see similar attacks in the months ahead as the code finds its way into increasing numbers of hands, but for the moment, there’s an easy fix. Just download the latest security update from Apple, and you’re all set.