On Monday I wrote about ransomware and how more and more instances of it have been surfacing over the past few years.
Yesterday, this popped up on my radar.
Scammers were exploiting a bug in iOS (iPhone and presumably iPad) Safari to make it appear as if a user’s device had been hijacked, and that they had to pay to get access back. The ransomware was installed on some porn sites.
Ars Technica has a less technical description here.
As the first article calls it, this is more “scareware” than “ransomware.” It’s possible to get control of Safari back, and Apple just patched the exploit with the latest iOS upgrade. I had another site inadvertently do this to my iPhone via some crappy web coding.
(By the way, if your site uses pop-ups, I will very likely never visit it again. If your mobile site uses pop-ups, fuck you. I will positively never visit it again.)
The interesting bit here is the social engineering. Cracking (what the unethical kind of hacking is more properly called) has also been more about social engineering than clever tech. This is a prime example.
Be careful out there, and if you find yourself paying a “policeman” with gift cards, think again.
And put your pants back on. Please.