The method is simple but devious. According to security company Malwarebytes, which analyzed the malware with the help of researcher @TheWack0lian, it exploits vulnerabilities in the Safari browser and Mail app. Once operating, the malware starts creating countless email drafts, which uses up tons of memory and causes the computer to freeze.
In its report, the security company compared the new discovery to a similar HTML5 bug used in Windows devices last year that caused computers to freeze.
The delivery method of the malware is a classic, too – a regular-looking email purporting to be from tech support. The security researchers found two email addresses that were responsible — dean.jones9875@gmail.com and amannn.2917@gmail.com — and if these senders appear in your inbox, you should delete straight away without even opening. Consider placing blocks against these two email addresses in your settings. However it’s still not known if there are any other malicious email addresses in on the act.
Malwarebytes further noted that several compromised websites were being used to deliver the malware as well. Keep an eye out for these URLs and avoid them: safari-get[.]com, safari-get[.]net, safari-serverhost[.]com, and safari-serverhost[.]net. Again, much like the email addresses, these are only the URLs that we’re aware of so far.
The researchers also found that some variants of the malware opened up iTunes without any prompt but it is not clear what the reason or function of that is.
If you’re running the latest version of MacOS (10.12.2), you will be fine as Apple has patched the vulnerability, but users of older versions should be wary.
Tech support scams may be an old tactic but they keep evolving with clever but underhanded methods of delivering malware.
