Site icon Sophos News

Watch out for these high-pressure Apple malware scams

We noticed a lull in recent months in emails and web pages that SHOUT THAT YOUR MAC IS INFECTED and then offer free advice on what to do next – “free” advice that you should urgently buy a product to remove a threat that doesn’t exist, that is.

But, then it happened.

Like the proverbial buses that keep you waiting for ages and then three come along at once…

…we visited an innocent-sounding website yesterday, only to be bombarded with three different Apple-focused scams in quick succession.

In old-school Windows technical support scams, the scammers often made an effort to avoid actually stating that they worked for Microsoft – they’d say things along the lines of being a team “working with Windows” rather than “a division of Microsoft”.

That distinction made no difference in practice – fake support scams are based on a pack of lies anyway – but seemed to matter greatly to the scammers, as though a tame lawyer had advised them that the ramifications would be worse if they actually claimed to be Microsoft.

(In fact, in at least one case, the scammers turned out to be living a double life – Microsoft Gold Partners by day; con artists by night.)

But in this case, the scammers have unashamedly stolen Apple’s name and brand, claiming to be the Apple Support Center:

Indeed, if you scroll down on the page run by the crooks, you’ll see it is stolen outright from Apple’s official pages – the only difference, surprisingly, is that the crooks have neatened up the layout slightly, avoiding the ugly orphaned word should on a line of its own:

This page comes with a voiceover that churns out a whole list of falsehoods about your Mac, and threatens dire consequences from Apple if you don’t act (words in boldface are incorrect in the audio file itself):

https://news-sophos.go-vip.net/wp-content/uploads/sites/2/2017/10/scamaudio-20171011.mp3?_=1

Critical alert from Apple Support. Your Mac has an alert. Your system is infected with viruses, spywares and pornwares. These viruses are sending your credit card details, Facebook logins and personal emails to hackers remottly. Please call us immediately on the toll-free number listed so that our support engineers can walk you to the removal process lowver the phone. If you close this window before calling us, we will be forced to disable and suspend your Mac device to prevent further damage to our network. Error number 268D3.

Refreshing the page a few times produced a slew of different redirections, mostly offering to sell us various domain names or to let us stream TV shows, but we were soon faced with a similar but different scam:

When we clicked [Proceed >>], we were presented with a fake anti-virus scan, just like the old days, followed by a warning to download and install a third-party Mac utility, from which we assume the crooks will receive some sort of affiliate payout:

A few more page refreshes later, and the third bus, sorry, scam appeared, this time in the guise of a fake Flash update (an amusing irony considering that Adobe actually skipped Flash Patch Tuesday in October 2017, with no update provided):

We weren’t able to find whether the crooks would have foisted a pay-to-play utility on you, or tried to infect you with malware, because the download link – fortunately for any potential victims – wasn’t working:

What to do?

Macs don’t attract anywhere near the amount of attention from cybercriminals as Windows computers, but “much less than” is not the same as “zero”.

In other words, if you’re a Mac user, be sure to follow the same sorts of online safety precautions as your Windows cousins:


Exit mobile version