FBI Ransomware trojan now tricking Mac users into paying $300 fines

You’ve been caught viewing prohibited pornographic content. Now you need to pay $300 to “unlock” your Mac … or take your computer in for a potentially embarrassing servicing.

Catch-22?

That’s the premise behind a new version of the FBI Ransomware browser trojan that is targeting Mac users. (No, it’s not actually from the FBI, that’s just the scam that it’s trying to get you to buy into.) And no matter how much your spouse might refuse to believe you, you don’t have to be viewing porn to get it. In fact, according to security expert Jerome Segura, all you have to do is search the web for a few popular keywords.

The secret of this “trojan?” There’s no actual infection, but the victim believes there is.

“That’s the beauty of the scam,” Segura told me. “You’re not actually infected — they make you think that you are, and most users believe it — and that’s the trick.”

Once your Safari browser hits the FBI ransomware, which is simply a few lines of Javascript code, you appear to be toast:

The browser window can’t be closed easily, and a force quit of Safari — which most Mac users don’t know how to do — will simply bring it right back when you open Safari again thanks to Apple’s helpful restore-from-crash feature. There are only four options to remove this.

First, Segura writes, you could close the page 150 times, each time clicking Leave Page when Safari asks you to confirm. That’s because the Javascript that makes up FBI ransomware spawns 150 iframes (layers in a web page) dynamically. Or you could reset Safari from the Safari menu — which will wipe all your history, saved names and passwords, autofill text, and more. Or you could simply quit Safari and start using Chrome or Firefox.

Or you could pay the $300.

Above: FBI Ransomware is not related to the real FBI.

Image Credit: Flickr

“The bad guys know how to use social engineering to entice victims as, for example, I was led to this locked page by doing a search for Taylor Swift nude on Bing images,” Segura writes. “The victim will feel they may have actually being doing something wrong and got caught and ashamed will pay the ‘fine.'”

There is another solution: Change your browser. Google’s Chrome browser, for instance is not vulnerable to this attack.

“If you’re using Chrome on a Mac, the chances of getting infected are almost nil,” Segura told me. “Chrome is usually safer because it’s a browser that’s been built with security in mind. There have been multiple contests targeting browser software, and Chrome has rarely ever failed.”

So unless you want to be socially engineered into paying $300, or want to have to reset your browser, you might consider other options. Traditionally, Segura told me, Safari, Internet Explorer, and Firefox have been much more vulnerable than Chrome.

Segura, security researcher though he is and whose work is keeping people safe, couldn’t stop a little bit of admiration from entering his voice when discussing FBI Ransomware:

“It’s all about the social engineering aspect,” he mused. “Using that trick … whoever designed it is smart.”

Here’s a tutorial on getting rid of FBI Ransomware: