Safari mobile scareware causes Apple iOS update

Apple released a security update that was intended, among other things, to patch its Safari browser on iOS devices. The reason for the patch was a report by researchers at the security firm Lookout. In the report, Lookout detailed a scareware campaign that made users think they were infected with ransomware, when actuality they weren’t in any immediate danger.

The hackers (of unknown origin at this time) designed the scareware to exploit popup dialogs in such a way that users could not access Safari. The users in question are met with threatening, incessant messages that state that their iPhone is locked and they must pay a fee to unlock it. Examples of these messages can be found below:

The thing is, there actually hasn’t been any infection at this point, and users don’t have to pay anything. As Lookout researchers Andrew Blaich, Jeremy Richards, and Kristy Edwards state in their report, “A knowledgeable user could restore functionality of Mobile Safari by clearing the browser’s cache via the iOS Settings — the attack doesn’t actually encrypt any data and hold it ransom.” No actual encryption occurs as this is merely scareware, typically in this case found on pornography sites and some media download sites, so no ransom needs to be paid to return to their browser. The source code of the malware shows that it is coded via JavaScript to create a denial-of-service attack (hence, the incessant popups).

Unfortunately, there have been enough cases of this that there have likely been numerous victims who actually paid the fake ransom. It is inevitable that people panic in the cases of scareware; that’s what makes it so effective. As mentioned before, however, Apple has released iOS update 10.3 in response to the campaign. As Lookout explains, Apple has altered its mobile Safari browser so that it changed how it handles website popup dialogs, “making them per-tab rather than taking over the entire app.”

Any iOS user should be safe from this scareware upon application of this update. If you have not yet updated to 10.3, do so as soon as possible as you are still vulnerable to this nuisance.

Photo credit: Pixabay

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top