A tech support scam uses a series of email drafts to crash computers that are running an older version of MacOS.
Jérôme Segura, lead malware intelligence analyst at Malwarebytes, first detected a website associated with the scam during the 2016 holiday season.
Tech support scam for iOS with season's colours (safari-get[.]com). pic.twitter.com/xtTBCISNRp
— Jérôme Segura (@jeromesegura) December 24, 2016
Segura explains in a blog post that the scam mainly targets Mac users running Safari:
“Simply visiting the malicious site on an older version of MacOS would start creating a series of email drafts, which eventually cause the machine to run out of memory and freeze.”
When a user visits the malicious webpage, it scans their computer to determine which MacOS version they’re running. The website then uses that information to execute one of two behaviors on the machine. In the first variant, the scam causes Apple Mail to open a series of email drafts until the machine freezes. Its second variant invokes iTunes instead.
As of this writing, machines running 10.2.2 don’t trigger the Apple Mail app denial-of-service (DoS) attack. But that doesn’t mean those updated computers are entirely protected.
As Segura notes:
“[T]the second variant appears to still be capable of opening up iTunes, without any prompt in Safari.”
The purpose of a tech support scam, which is among The State of Security’s top five scam types of 2016, is to convince users there’s something wrong with their computer. Attackers can then use a warning message such as the one displayed above to convince them into calling a fake support number, authorizing remote control to their computer, and/or purchasing an illegitimate security solution.
This tech scam depends on Mac users visiting a malicious website. With that in mind, users can protect themselves by avoiding clicking on suspicious email links. They should also make sure to update their systems on a regular basis and to maintain an up-to-date antivirus solution on their computers.