Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Mac Crashing Attack Method Used in Tech Support Scam

A snippet of malicous code designed to crash Mac OS machines is being delivered through drive-by downloads as part of a campaign designed to trick users into calling a fake tech support service, security researchers warn.

A snippet of malicous code designed to crash Mac OS machines is being delivered through drive-by downloads as part of a campaign designed to trick users into calling a fake tech support service, security researchers warn.

Tech support scams have been around for a long time and have used numerous attack methods, yet this newly discovered tactic stands out because it attempts to scare users into calling for assistance by using a denial-of-service attack instead of flooding their desktops with the usual set of fake alerts.

Previously seen tech support scams were either part of the ‘browlock’ category, when they are delivered through the browser, or are considered screen lockers, should malware be downloaded onto the targeted machine.

Recently, however, security researchers observed a trend where scammers cause the targeted machines to crash. One such attack was observed in November, when the cybercriminals behind it were leveraging a specific HTML5 API (history.pushState) to cause the browser to freeze.

Malwarebytes Labs security researchers now reveal that attackers are targeting Apple’s Safari browser on Macs through a newly registered scam website that began making the rounds late last year.

On machines running older operating system versions, the denial of service (DoS) attack would freeze the machine without requiring user interaction. As soon as the user visited the malicious site, the malicious code on the webpage generates a series of email drafts, eventually causing the machine to run out of memory and freeze.

However, the security researchers determined that the attack started with the malicious page first determining the OS X version, courtesy of an integrated user agent check. Next, the site would push two different versions of a denial-of-service malware.

A quick look at the code revealed that the first variant was meant to continuously draft emails, but that it lacked the functionality to actually send them. However, by drafting the messages incrementally, the code would eventually cover the previously opened windows and eventually ended up crashing the machine.

Advertisement. Scroll to continue reading.

The attack, the security researchers reveal, is ineffective against machines running macOS Sierra 10.12.2 or above, likley because the underlying issues were patched in a recent release. While Mac users running the up-to-date OS aren’t affected by the “Mail app DoS,” older operating system versions are still affected.

The second attack variant was observed opening up iTunes instead, and the security researchers say that even macOS Sierra 10.12.2 users are at risk. The malicious code used in this attack can still open iTunes without a prompt being displayed in Safari.

*Updated to clarify that this attack is browser-based and that malware is not installed on Mac systems in this attack scenario

Related: U.S. Indicts 61 in Indian Call Center Scam

Related: Phishing Attacks Hit the C-Suite With High Value Scams

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.