With the most recent iOS update, Apple fixed the bug

Mar 28, 2017 05:43 GMT  ·  By

A new ransomware campaign saw criminals abusing Apple's iOS Safari browser to extort money from people who had viewed adult or other sensitive content on their phones. The vulnerability was fixed with the iOS patch released on Monday.

Researchers from mobile security provider Lookout spotted the problem and alerted Apple. The flaw lay in the way Safari displayed JavaScript pop-up windows: exploit code planted on multiple websites triggered an endless loop of pop-ups, effectively locking the browser so it could no longer be used.
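As an added example that is not part of the article or of Lookout's report, the snippet below is a toy JavaScript model of the kind of per-tab dialog throttling a browser can apply so that a page re-issuing its dialog forever cannot lock the whole browser. The threshold, the reset-on-navigation rule and the constructed scareware message are assumptions for illustration, not a description of Apple's actual fix.

```javascript
// Assumed threshold: how many consecutive dialogs one tab may show before
// the browser stops honouring further requests until the user acts.
const MAX_CONSECUTIVE_DIALOGS = 3;

class TabDialogPolicy {
  constructor(maxConsecutive = MAX_CONSECUTIVE_DIALOGS) {
    this.max = maxConsecutive;
    this.consecutive = 0;    // dialogs shown with no user action in between
    this.suppressed = false; // once set, further dialogs are dropped silently
  }

  // Called whenever page script asks for alert()/confirm()/prompt().
  // Returns whether the dialog would be shown and why not, if not.
  request(message) {
    if (this.suppressed) return { shown: false, reason: "suppressed" };
    this.consecutive += 1;
    if (this.consecutive > this.max) {
      this.suppressed = true;            // the tab forfeits dialogs, not the browser
      return { shown: false, reason: "limit" };
    }
    return { shown: true, message };
  }

  // A real user action (navigating away, closing the tab) resets the policy,
  // so control stays with the user rather than with the page's loop.
  userNavigated() {
    this.consecutive = 0;
    this.suppressed = false;
  }
}

// Simulate a page that re-issues the same dialog in an endless loop
// (bounded here so the simulation terminates) and count the outcome.
function simulateLoop(policy, iterations) {
  let shown = 0, dropped = 0;
  for (let i = 0; i < iterations; i++) {
    // Constructed sample message; not taken from the real campaign.
    const r = policy.request("Your browser is locked. Pay to unlock.");
    if (r.shown) shown++; else dropped++;
  }
  return { shown, dropped, suppressed: policy.suppressed };
}
```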

The attackers falsely claimed that the only way users could get rid of the pop-ups and regain control of their browsers was to pay a fine in the form of an iTunes gift card code, to be sent via text message.

Recovering control of Safari was actually quite simple: it only required going into the device settings and clearing the browser cache. But because many victims were too embarrassed to ask for outside help, given the sensitive nature of the content they had been viewing, they stayed stuck in the endless loop of pop-up windows.

"The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk," reads the blog post signed by researchers Andrew Blaich and Jeremy Richards.

Old scheme, new fix

The JavaScript used in the attack might have been developed for older versions of iOS, including 2014's iOS 8, the researchers said. This type of attack had previously been documented on a Russian website. The abuse of pop-ups, however, remained possible in Mobile Safari until version 10.3; now that the problem has been fixed, the researchers decided to publish their report.

"The JavaScript we obtained from the pay-police[.]com domain was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appears to DOS (denial of service) the browser," researchers write in their blog post.

It seems that the group behind the scheme purchased a large number of domains to catch users seeking adult content online and coerce them into paying a ransom.

Image: The endless pop-up loop

Image: One scam involved Safari browser