Tech Support Scammers Targeting Mac Users with DoS attacks

Scammers are sending Mac users a malicious link that hijacks the Mail app and Safari.

[Image: what happens when this malware executes itself. Source: Malwarebytes.]

The IT security firm Malwarebytes has revealed that scammers are targeting Apple's Mac users with a new kind of malware that hijacks the Mail app and the Safari browser to conduct denial-of-service (DoS) attacks.

The attackers direct these apps to continually draft emails until the machine runs out of RAM and eventually crashes. The report also points out that the attack can only be blocked with the latest Sierra update. Mac devices running the latest betas or macOS 10.12.2 will not be affected by the malware.


It is worth noting that the malware only keeps drafting emails and never actually sends them. This campaign is therefore not spam but a typical denial-of-service attack. The malware used in this campaign resembles the Windows tech support scam, which compels owners to call a bogus tech support number or to accept a call made from a fake number.

Jérôme Segura of Malwarebytes states that the campaign involves installation of the malware, for which a malicious link is delivered to the Mac user through an email. The emails are being drafted from two different email accounts: dean.jones9875@gmail.com and amannn.2917@gmail.com.

“The malicious web page will first determine the version of OS X via a user agent check and push two different versions of this denial-of-service. The first variant has code that will keep drafting emails (but does not actually send them) incrementally and cover the previous open windows. The second variant will instead open up iTunes,” writes Segura.


Any mail that you receive from the abovementioned addresses should be deleted immediately. Keep in mind that several different websites are currently involved in hosting the malware. Some of these websites are: safari-get[.]com, safari-get[.]net, safari-serverhost[.]com and safari-serverhost[.]net.
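The indicators above can be turned into a simple log check. The following is an added example, not code from Malwarebytes or from this article: it refangs the listed domains, matches them (and their subdomains) against proxy log lines, and checks a From header against the two listed sender addresses. The log format (`timestamp client method url`), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as listed in the article (domains in defanged form).
DEFANGED_DOMAINS = ["safari-get[.]com", "safari-get[.]net",
                    "safari-serverhost[.]com", "safari-serverhost[.]net"]
SENDERS = {"dean.jones9875@gmail.com", "amannn.2917@gmail.com"}

# Refang for matching only; keep indicators defanged wherever they are displayed.
BAD_DOMAINS = {d.replace("[.]", ".").lower() for d in DEFANGED_DOMAINS}

def host_matches(host):
    """True for a listed domain or any subdomain of it, not for look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def scan_proxy_line(line):
    """Return the listed host contacted in a 'timestamp client method url' line, else None."""
    parts = line.split()
    if len(parts) < 4:
        return None
    host = urlsplit(parts[3]).hostname or ""
    return host if host_matches(host) else None

def scan_mail_sender(header_from):
    """True if a From header carries one of the listed sender addresses."""
    m = re.search(r"[\w.+-]+@[\w.-]+", header_from)
    return bool(m) and m.group(0).lower() in SENDERS

def hits(lines):
    """Return (client, host) pairs for every line that contacted a listed host."""
    found = []
    for line in lines:
        host = scan_proxy_line(line)
        if host:
            found.append((line.split()[1], host))
    return found

# Constructed sample proxy log lines (hypothetical format, not real traffic).
SAMPLE_LOG = [
    "2017-01-05T10:00:01Z 10.0.0.12 GET http://safari-get.com/index.html",
    "2017-01-05T10:00:02Z 10.0.0.12 GET https://www.safari-serverhost.net/a",
    "2017-01-05T10:00:03Z 10.0.0.15 GET https://notsafari-get.com/",
    "2017-01-05T10:00:04Z 10.0.0.15 GET https://example.org/?q=safari-get.com",
]

if __name__ == "__main__":
    for client, host in hits(SAMPLE_LOG):
        print(f"{client} contacted {host}")
```

Matching on the parsed hostname rather than on a substring of the whole line avoids false positives from look-alike domains and from indicators that only appear inside a query string.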

Solution:

Update your Mac to the latest version. These flaws may have been fixed with macOS Sierra 10.12.2, as Mac users running a fully up-to-date OS do not seem to be affected by the Mail app DoS.


This is why we always advise readers never to click on unknown and unverified links. In this case, you must ignore any files or emails that contain the links mentioned above.


Written by Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and the tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.