Mac Users Target of Tech Support Scam
Posted by: Timothy Weaver on 01/07/2017 01:03 PM
According to information on the Malwarebytes Labs blog, Mac OS users are being targeted with a new tech support scam that can freeze their systems or prompt them into calling a fake tech support agent.
Similar to past schemes, this scam warns possible victims that there is something wrong with their system and they need to contact a technical support person.
By either clicking on a phony website or calling a phony assistance number, users become victims of the attackers, who will gain control of their system.
The flaw involves computer systems running the Safari browser. Two versions of the scam are being reported; one was dubbed a browlock, while another, which actually loaded malware onto devices, was termed a screen locker.
If the victim visits the phony website, it triggers a user agent check which can scan the system and determine what version of the OS is installed. Once that is done, it downloads two different versions of a denial-of-service attack. One floods the system with email drafts, which overwhelm the system's memory and shut it down. The second download affects Apple's iTunes.
An update seems to have solved the first denial-of-service attack, but the second is still viable. Jérôme Segura, lead malware intelligence analyst at Malwarebytes, says: "the second variant appears to still be capable of opening up iTunes, without any prompt in Safari."
Malvertising seems to be the cause of the redirects to the phony websites. "Malicious adverts displayed on popular sites or sites with high traffic will automatically redirect your browser to a tech support scam page," according to Segura.
The hackers are hoping the redirects will scare users into calling for tech support, entrapping the victim.
Source: SCMagazine
