Scammers Targeting MacOS With Denial-Of-Service Attacks

MacOS

This follows the discovery of a similar type of attack in November where an HTML5 API caused browsers to freeze

Tech support scammers are attempting to scare Apple Mac users into calling for assistance by targeting them with denial-of-service attacks via the Mail app.

For users running an older version of MacOS, simply visiting the malicious site triggers the Mail app to start creating a series of email drafts, eventually causing the computer to run out of memory and freeze.

This follows the discovery of a similar type of attack back in November where a specific HTML5 API (history.pushState) caused user’s browsers to freeze.

apple-macos-sierra-5

Outdated MacOS

As Malwarebytes’ lead malware intelligence analyst Jérôme Segura explaines, the virus will “keep drafting emails (but does not actually send them) incrementally and covering the previous open windows. This is not a spam attempt but rather a typical denial-of-service attack.”

The virus only affects users running an outdated version of MacOS, as Safari detects the attempt to open the Mail app and blocks the unwanted event.

Despite Apple’s generally solid security reputation, hackers have been targeting Mac devices more and more frequently in recent years. In 2015 for example, security researchers warned that cyber criminals could use an iOS vulnerability to hack Apple Pay and the company was also accused of knowing about major zero-day flaws in its iOS and OS X operating systems for at least eight months.

Furthermore, a dangerous piece of OS X malware that can give attackers full access to a compromised Mac was discovered last year and 2016 ended with Apple fixing 68 vulnerabilities in macOS Sierra.

Think you know about the history of the Apple Mac? Try our quiz!