macOS 10.12.2 already protected against this wave of attacks

Jan 4, 2017 18:58 GMT

Cybercriminals are once again targeting Apple customers, this time using malware that can easily crash Macs by creating draft emails over and over again until the device freezes due to system overload.

Security company Malwarebytes warns that a new wave of attacks has already been spotted online, trying to exploit vulnerabilities in Safari and the Mail app to use the entire amount of RAM and crash the device.

How the malware works

Basically, the malware does a very simple thing: it automatically creates email drafts continuously until the Mac is no longer capable of handling the task and crashes.

For the attack to work, users must first click on a link delivered via email, so this is pretty much the first thing that you should not do. Do not open links that arrive in your inbox from senders you don’t know, because there’s a good chance that they spread malware.

Malwarebytes has been quoted as saying that users should delete emails coming from these two email addresses without reading them: [email protected] and [email protected]. Other email addresses might be used as well, so you'd better keep an eye on your inbox to make sure you’re on the safe side.

The security firm claims that the malware spreads using a number of compromised websites, including (but not limited to) the following: safari-get[.]com, safari-get[.]net, safari-serverhost[.]com and safari-serverhost[.]net. Of course, many more might be compromised already, so again, don’t click on links that you don’t trust.

How to block attacks

First and foremost, if you’re running the latest version of macOS (10.12.2), you’re already secure. Malwarebytes says that Apple has already included a fix in this particular version and in the latest betas, but this doesn’t necessarily mean that you’re entirely safe or that you should open links without caution.

Additionally, you can block attacks with a filter that catches emails sent from the aforementioned two addresses (note that this is only effective if the malicious links are sent from these addresses). Create a rule in the Mail app preferences to automatically delete new messages that contain [email protected] or [email protected] in the “from” field.

Mail should then process all your new emails and automatically remove any that come from these addresses, which are known for spreading malware.
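Because other sender addresses might be used, a sender-based rule can be complemented by checking the links inside a message against the domains listed above. The following Python sketch is an added example, not code from Malwarebytes or from this article; the function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Domains named in the article, defanged there ("[.]") and refanged here.
LISTED = ["safari-get[.]com", "safari-get[.]net",
          "safari-serverhost[.]com", "safari-serverhost[.]net"]
BLOCKED = [d.replace("[.]", ".") for d in LISTED]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def host_is_blocked(host):
    """True if host is a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Require a dot boundary so "notsafari-get.com" does not match.
    return any(host == d or host.endswith("." + d) for d in BLOCKED)


def flagged_links(raw_message):
    """Return URLs in a raw RFC 5322 message that point at listed domains."""
    msg = message_from_string(raw_message, policy=default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if host_is_blocked(host):
                hits.append(url)
    return hits


# Constructed sample message (not a real captured email).
SAMPLE = (
    "From: sender@example.invalid\n"
    "Subject: constructed sample\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Unrelated: https://not" + BLOCKED[0] + "/a\n"
    "Listed: http://www." + BLOCKED[0] + "/page and http://"
    + BLOCKED[3].upper() + "/x.\n"
)

if __name__ == "__main__":
    for link in flagged_links(SAMPLE):
        print("listed domain:", link.replace(".", "[.]"))
```

The match is on the parsed hostname rather than a substring of the message, so a lookalike such as a domain that merely ends in the same letters is not flagged, while subdomains and mixed-case spellings of the listed domains are.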