Categories
macOS News security Software

Safari-get.com URL leads to new malware strain for macOS-based machines

You’re going to need to be a little more careful when surfing the Web on your Mac.

For the past few weeks, people have been tricked into visiting a phony website embedded with malware that can freeze Macs, according to a report this week by the cybersecurity firm Malwarebytes.

The new malware, which can be activated by visiting safari-get.com, can trigger two sets of actions depending on the version of the computers’ operating systems.

In one case, the malware causes the computer’s Apple email client to create a deluge of draft emails that contain the words “Warning! Virus Detected!” in the email subject line. Although the emails don’t get actually get delivered to anyone, the sudden flood of draft emails hogs the computer’s resources, thus causing the computer to freeze.


In the second case, the malware launches iTunes multiple times without closing it to the point where the application crashes, thereby also hogging additional resources from the computer.

The two instances focus on using up all of a system’s available resources, similar to how hackers use denial-of-service attacks on web sites, bombarding a server with traffic until it crashes.

Complicating matters, the malware targeting Apple computers leaves a dummy message in either the email draft or in the iTunes player that tells people to call a fake Apple support phone number to fix the problem. The report does not describe what happens when a person calls, but it’s likely that criminals will charge a fee to unlock the computer under the false pretense that they are Apple employees.

As of now, iOS-based devices are not affected by the malware.

The new Apple malware seems similar to a Microsoft Windows-tailored version that hit PCs in November, Malwarebytes said.

The Windows version of the malware exploited a bug in the software language HTML5, increasingly used to create websites, that caused web browsers like Google Chrome and Firefox to display a fake help-support webpage that can’t be closed. The malware also causes the computer to overload so that no other program can be opened and instead display a fake telephone number to call.

Malwarebytes did not offer a specific number of users that had been affected by the malware and users with the latest security updates seemed immune to it. The iTunes variant, however, appears to be triggered regardless of whether a person’s operating system is up to date.

In short, please try to avoid the safari-get.com web site and malware and we’ll have additional details on this as they become available.

Via VentureBeat and blog.malwarebytes.com