All the sessions from Transform 2021 are available on-demand now. Watch now.

Apple computer users should be extra diligent when surfing the web.

For the past few weeks, people have been tricked into visiting a phony website embedded with malware that can freeze Apple computers, according to a report this week by the cybersecurity firm Malwarebytes.

When Apple users visit the website via their Safari browser, often by clicking on a link in a bogus email, they inadvertently load malicious code onto their computers. The malware then triggers either two sets of actions depending on the version of the computers’ operating systems, the report said.

In one case, the malware causes the computer’s Apple email client to create a deluge of draft emails that contain the words “Warning! Virus Detected!” in the email subject line. Although the emails don’t get actually get delivered to anyone, the sudden flood of draft emails hogs the computer’s resources, thus causing the computer to freeze.

In the second case, the malware causes the infected computer’s iTunes program to open multiple times without closing to the point where it crashes.

In both of these instances, the malware essentially causes computers to use up all of their memory, similar to how hackers launch so-called denial-of-service attacks on web sites. In a denial-of-service attack, hackers essentially overload an online service with Internet traffic, thus causing the service to become inaccessible because it can’t keep up.

Complicating matters, the malware targeting Apple computers leaves a dummy message in either the email draft or in the iTunes player that tells people to call a fake Apple support phone number to fix the problem. The report does not describe what happens when a person calls, but it’s likely that criminals will charge a fee to unlock the computer under the false pretense that they are Apple employees.

Apple’s iPhones and iPads are not impacted by the malware since they run on a different operating system than Apple computers.

The new Apple malware seems similar to a Microsoft Windows-tailored version that hit PCs in November, Malwarebytes said.

The Windows version of the Malware exploited a bug in the software language HTML5, increasingly used to create websites, that caused web browsers like Google Chrome and Firefox to display a fake help-support webpage that can’t be closed. The malware also causes the computer to overload so that no other program can be opened and instead display a fake telephone number to call.

As for the Apple malware, the security firm did not say how many people appear to have been impacted, but it said that those who upgraded their operating systems to the latest versions seemed to be safe from the variant of the attack that creates draft emails. The iTunes variant, however, appears to be triggered regardless of whether a person’s operating system is up to date.

This story originally appeared on Copyright 2017


VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member