If you own an iPhone or iPad, it’s possible you could see popup windows in a sort of endless cycle on your Safari browser, revealing your browser has been locked and asking you to pay a fee to unlock it. Just do not pay any ransom.
A new ransomware campaign has been found exploiting a flaw in Apple’s iOS Safari browser in order to extort money from users who view pornography content on their phones or attempt to illegally download pirated music or other sensitive content.
However, the good news is that Apple patched the web browser vulnerability on Monday with the release of iOS version 10.3.
The victims eventually would end up on an attacker website that masquerades itself as a legitimate law enforcement site informing victims that they have to pay a fine for viewing illegal content in order to regain access to their browser.
Lookout researchers called the exploit “scareware,” as the attack doesn’t actually encrypt any data and hold it ransom. Rather the attack just scares victims into paying the ransom fee to unlock the browser.
“The scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser,” Lookout explains.
“The attack would block the use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card. During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying.”
The scammers effectively used fear as a factor to get victims pay the fee before they realized that there was no real risk to their data and it’s very easy to overcome this issue.
Lookout researchers shared the cause of this iOS exploit with Apple last month, and the company has promptly patched the issue with the release of iOS 10.3. Now, pop-up windows only take over a tab, instead of the entire app.
Those iOS 10.2 users who are already hit by this ransomware campaign can clear their browsing cache by navigating to Settings → Safari → Clear History and Website Data.