Sunday, 8 January 2017
Malware uses denial-of-service attack in attempt to crash Macs
A tech support scam is targeting Mac users with unusual malware which tries to crash the system then encourages the victim to call a phony Apple support number in order to get the system restored to normal.
Victims are infected with the malware via a malicious email or by visiting a specially registered scam website. Cybersecurity researchers at Malwarebytes warn that these websites are particularly dangerous for Mac users running Safari because simply visiting one of the domains can execute the attack.
Once the malicious code has been triggered, it will first of all check to see which version of OS X the victim is using and then attempt to trigger a a denial-of-service attack by repeatedly opens draft emails.
The DDoS continues drafting new emails in individual windows until so many windows are running that the system crashes due to lack of memory. The subject line of the emails tells the user a virus has been detected and to call the tech support number.
There are also instances of the malicious software opening up iTunes without any user prompting and displaying the fraudulent phone number there.
While users running the most up to date version of the Apple operating system - macOS Sierra 10.12.2 - don't appear to be affected by the DDoS attack against the mail application, so users should patch their systems to ensure the most protection against the attacks
This is far from the first support scam to target web users, with Microsoft users also regularly targeted by cyber fraudsters. Microsoft itself has previously warned Windows users to remain vigilant when it comes to tech support scammers malware.