
Fake FBI page hijacks Safari to trick Mac users


A few days ago I commented on the case of a ransomware-type application that tries to cheat Android users out of money. This time the news moves to the Apple world, with a variant that tries to convince Mac users to pay a supposed fine.

The hook is a fake FBI warning about illegal activities detected on the computer. Its appearance is quite convincing, as can be seen in the following screenshot:

It is a fraudulent page. In the browser's address bar you will notice that the URL pretends to be the FBI's website, but it is actually a .com domain registered last week (see whois) that has nothing to do with the FBI.
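The two checks described above (which domain the host is really registered under, and how recently it was registered according to WHOIS) can be scripted. This is an added example, not code from the original post; the sample URL, WHOIS record and date are constructed, and the `fbi.gov` official domain, the 30-day threshold and all function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Field labels some WHOIS servers use for the registration date.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|created)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def registrable_domain(host):
    """Naive: last two labels. Assumption: no multi-label suffixes such as .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def creation_date(whois_text):
    """Return the registration date from raw WHOIS text, or None if not found."""
    m = _CREATED.search(whois_text)
    if not m:
        return None
    try:
        # Keep only the date part so 2013-07-08 and 2013-07-08T10:00:00Z both parse.
        return datetime.strptime(m.group(1)[:10], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    except ValueError:
        return None  # non-ISO date format: treat as unknown

def assess(url, whois_text, now, brand="fbi", official="fbi.gov", max_age_days=30):
    """Return the reasons a URL looks like impersonation of `brand` (substring match)."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    findings = []
    if brand in host and domain != official:
        findings.append(f"host mentions '{brand}' but is registered under {domain}")
    created = creation_date(whois_text)
    if created is None:
        findings.append("no usable creation date in WHOIS record")
    elif (now - created).days <= max_age_days:
        findings.append(f"domain registered {(now - created).days} days ago")
    return findings

# Constructed sample data (not taken from the original page).
SAMPLE_URL = "http://fbi.gov.id657546456.example.com/warning"
SAMPLE_WHOIS = "Domain Name: EXAMPLE.COM\nCreation Date: 2013-07-08T10:00:00Z\n"
NOW = datetime(2013, 7, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for reason in assess(SAMPLE_URL, SAMPLE_WHOIS, NOW):
        print("suspicious:", reason)
```
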

To catch victims, the fake page is spread with various techniques such as Black Hat SEO. Once users end up on it, they will normally ignore it and try to close it, but that is where the best part of the deception comes into play.

When they try to close it, a script makes alerts appear in pop-up windows that insist on the illegal activities and on payment of the supposed fine to unlock the computer.

Even if Safari is forced to close, the page reappears thanks to the browser's restore function, which loads the last page viewed. This makes the deception even more credible for many users.

As we can see, the technique is very similar to what we have seen many times on Windows, with the difference that the computer is not infected or compromised. It is not a Trojan or Mac malware; it is just JavaScript code on a page that prevents the Safari window from being closed.

The solution? It is simpler than it seems: go to Safari's main menu and reset the browser to delete temporary data (cookies, history and cache). On the Malwarebytes blog you can also see a video with these steps and how this ransomware works.

Another solution that users have mentioned is to force-quit the browser and, when restarting it, hold down the Shift key so that the last session is not restored. This avoids deleting temporary data and other settings … although the first option is preferable so that no traces of this spam page remain.