MAAS History
exocrine exocrine

All information Provided as is.

« Condition Remains GREEN | Main | Condition Remains GREEN »

Condition Remains Green

Reports of a Mac trojan FBI Ransomware are False

Report of Law Enforcement Ransomware are False

Criminals are using a Javascript Social Engineering trick to create an endless loop to fool the user in to believing that their computer is locked by the FBI. Using this false information the actors intended to generate additional revenue by using clicks. There is no Trojan, Ransomware or Malware.

We expect the "Stay on Page" button may be used within days to continue the fraud related to ad-click operation. To prevent possible escalation users should ensure the following two setting within Mac OSX which would mitigate this threat.

  1. Make sure to disable (de-select) "Open Safe Files" in Safari Preferences.
  2. Set Gatekeeper to "APP-Store" to prevent installation of rouge Applications

To prevent the loop from running and exiting the page

  1. Disable Javascript. DO NOT RESET SAFARI OR FORCE QUIT.
  2. Hit back in Safari.
  3. Enable Javascript.
  4. Reset History and Top Sites as a precaution.

For more information visit Tips for Safe Safari Browsing.

The fraud related to this activity have been monitored by different law enforcement organizations for some time. After all creating a FBI page is a Federal Crime. 

The referenced article has incorrect information from Venture Beat and is one source of the false information. Other articles are promoting the Force QUIT and Reset of Safari. Performing a force quit or Safari reset is a sloppy solution for most users lacking any technical or tactical advantage. DO NOT FORCE QUIT OR DO A RESET. DISABLE JAVASCRIPT and HIT BACK.

Note: Users should make sure that Gatekeeper is set to APP Store always. This will prevent any rouge software from running. 

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.