Security News DoS Attack Can Crash a Mac Using Malware Spreading via Email

Exterminator

Cybercriminals are once again targeting Apple customers, this time using malware that can easily crash Macs by creating draft emails over and over again until the device freezes due to system overload.

Security company Malwarebytes warns that a new wave of attacks has already been spotted online, trying to exploit vulnerabilities in Safari and the Mail app to use the entire amount of RAM and crash the device.

How the malware works
Basically, the malware does a very simple thing: it automatically creates email drafts continuously until the Mac is no longer capable of handling the task and crashes.

In order for a device to be successfully installed, users must first click on a link delivered via email, so this is pretty much the first thing that you should not do. Do not open links that arrive in your inbox and whose sender you don’t know because there’s a good chance that it spreads malware.

Malwarebytes has been quoted as saying that users should delete emails coming from these two email addresses without reading them: dean.jones9875@gmail.com and amannn.2917@gmail.com. Other email addresses might be used as well, so you'd better keep an eye on your inbox to make sure you’re on the safe side.

The security firm claims that the malware spreads using a number of compromised websites, including (but not limited to) the following: safari-get[.]com, safari-get[.]net, safari-serverhost[.]com and safari-serverhost[.]net. Of course, many more might be compromised already, so again, don’t click on links that you don’t trust.

How to block attacks
First and foremost, if you’re running the latest version of macOS (10.12.2), you’re already secure. Malwarebytes says that Apple has already included a fix in this particular version and in the latest betas, but this doesn’t necessarily mean that you’re entirely safe and you should open any links without caution.

Additionally, there’s another way to block attacks using filters that can help block emails sent from the aforementioned two addresses (note that this is only efficient if the malicious links are sent from these emails). Create a rule in the Mail app preferences to automatically delete messages if the new messages contain the dean.jones9875@gmail.com and amannn.2917@gmail.com in the “from” field.

Mail should then automatically process all your new emails and remove them automatically should they come from these emails known for spreading malware.
 

Wave

Unless you have a very large database of emails known to spread malware which is frequently updated (daily) then blocking a couple emails is pointless and won't be very effective, since an attacker can easily create a new email account (e.g. the Outlook anti-spam on registration is not very good and the Google signup doesn't always require phone number verification).

In fact, an attacker could make a bot to create a new e-mail address multiple times from the program, and then have it login to each next new one and use it for the e-mail sending every 10 message count, ensuring that the victim will receive at least X amount of emails in the case of the block method being utilized.

The best line of defense for these situations is to:
- Stay away from the Spam folder unless you are specifically looking for an email by a trusted sender whose email may have been filtered out accidentally due to an aggressive anti-spam.
- Stay away from attachments in emails which are sent by an unknown sender.
- Stay away from links in emails which are sent by an unknown sender - even if the text to the link says Google, it may still not actually lead to that website and the site it's linked to could redirect you elsewhere also.
- Watch out for emails which appear to be from a trusted sender but have really been spoofed to appear to be from a trusted sender - this is commonly used during spear phishing attacks where the attacker's main goal is to trick the victim into believing the email is coming from an email address belonging to a trusted sender (e.g. could be your parents, a friend, or even your work boss) so the victim provides back information (e.g. could be on fields processed by a site which was linked in the email to obtain account credentials, credit card information, etc.).
- Prevent yourself from giving out your email address to people you do not trust, and use either a disposable or secondary email account when signing up to online services.

Use your brain, utilize the common sense... And you'll be good to go! :) ;)
 

Bryan Lam

The malware is actually extremely simple.

It's just 3 lines of HTML code designed to open the mail app. With some simple tweaks like noscript, this malware can easily be avoided.

I have a sample of this and basically any privacy extension with script blocking will destroy this. Also, this is good news for Chrome users. The reason being it doesn't do anything to Chrome. In actual fact, it just continuously refreshes the Chrome page every second or so, and to fix it just use the following combination to close Chrome and it should be gone (Option + Command + Esc). Though, this malware is also targeting iPads and iPhones. To fix link malware on them, restart your device forcefully (hold Home + Lock for 7 sec), then DO NOT open Safari after restart. Go to Settings --> Safari --> then Clear browsing data.

Ways to avoid --->

Chrome extension to choose what scripts run on webpage load

ScriptSafe (You can spoof user agents and referrers with this)

Firefox Extension to block JS, Flash and more

NoScript Security Suite

DNS blocking through device or router. (Router preferred as it protects all devices connected to it)

Home Internet Security | OpenDNS (Make sure you register an account, get the home version then customise what you want to block)

I've been researching this for the past 2 weeks and I can safely say these are basically useless. But yes, as Exterminator has said be careful. Even though there are fixes, don't take any risks.


~Bryan
 

jamescv7

In such a scenario, email providers have decent detection on spam, so better yet do not click any email that came from unknown sources. (That's why it is marked as spam, because you are not aware of the information received from you)

It's very simple: a matter of curiosity that defeats the preventive steps and causes damage.
 
