Watch out for these high-pressure Apple malware scams

We noticed a lull in recent months in emails and web pages that SHOUT THAT YOUR MAC IS INFECTED and then offer free advice on what to do next – “free” advice that you should urgently buy a product to remove a threat that doesn’t exist, that is.
But, then it happened.
Like the proverbial buses that keep you waiting for ages and then three come along at once…
…we visited an innocent-sounding website yesterday, only to be bombarded with three different Apple-focused scams in quick succession.
In old-school Windows technical support scams, the scammers often made an effort to avoid actually stating that they worked for Microsoft – they’d say things along the lines of being a team “working with Windows” rather than “a division of Microsoft”.
That distinction made no difference in practice – fake support scams are based on a pack of lies anyway – but seemed to matter greatly to the scammers, as though a tame lawyer had advised them that the ramifications would be worse if they actually claimed to be Microsoft.
(In fact, in at least one case, the scammers turned out to be living a double life – Microsoft Gold Partners by day; con artists by night.)
But in this case, the scammers have unashamedly stolen Apple’s name and brand, claiming to be the Apple Support Center:
Indeed, if you scroll down on the page run by the crooks, you’ll see it is stolen outright from Apple’s official pages – the only difference, surprisingly, is that the crooks have neatened up the layout slightly, avoiding the ugly orphaned word “should” on a line of its own:
This page comes with a voiceover that churns out a whole list of falsehoods about your Mac, and threatens dire consequences from Apple if you don’t act (words in boldface are incorrect in the audio file itself):
Critical alert from Apple Support. Your Mac has an alert. Your system is infected with viruses, spywares and pornwares. These viruses are sending your credit card details, Facebook logins and personal emails to hackers remottly. Please call us immediately on the toll-free number listed so that our support engineers can walk you to the removal process lowver the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3.
Refreshing the page a few times produced a slew of different redirections, mostly offering to sell us various domain names or to let us stream TV shows, but we were soon faced with a similar but different scam:
When we clicked [Proceed >>], we were presented with a fake anti-virus scan, just like the old days, followed by a warning to download and install a third-party Mac utility, from which we assume the crooks will receive some sort of affiliate payout:
A few more page refreshes later, and the third bus, sorry, scam appeared, this time in the guise of a fake Flash update (an amusing irony considering that Adobe actually skipped Flash Patch Tuesday in October 2017, with no update provided):
We weren’t able to find whether the crooks would have foisted a pay-to-play utility on you, or tried to infect you with malware, because the download link – fortunately for any potential victims – wasn’t working:
What to do?
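Executives should make sure the security budget is used effectively while also meeting regulatory requirements. Rather than trying to lock down everything, we should reallocate resources and focus on protecting the data most at risk. Use automation to manage user data wherever possible, in order to save resources.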
Macs don’t attract anywhere near the amount of attention from cybercriminals as Windows computers, but “much less than” is not the same as “zero”.
In other words, if you’re a Mac user, be sure to follow the same sorts of online safety precautions as your Windows cousins:
Use a real-time Mac threat protection product. Look for one that not only has an on-access virus scanner to prevent malware from running, but also has live web protection to stop you arriving at risky URLs in the first place. (Sophos Home is 100% free for Windows and Mac.)
Don’t fall for offers of support (or threats of disconnection) that arrive unsolicited. If you didn’t ask for technical help, but it suddenly falls into your lap, just say, “No”.
Beware of threat detection tools where the scan is free but when a “threat” is found, you suddenly have to pay. There are plenty of legitimate free tools available, including our own Sophos Home, where detection, prevention and cleanup are all included.
If in doubt, don’t rely on unknown web pages for advice. Seek out the help of a friend: someone whom you know, and like, and trust.
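The root cause of Android advertising turning into a black-market industry chain is not that mobile advertising is a huge market; the key is the appetite for getting something for nothing. “Repackagers” decompile foreign commercial apps, add malicious adverts to turn them into “free” apps, and make their money from the advertising. This distorted market is not something that anti-virus companies or mobile security companies can effectively solve.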
