On 2024-03-15, <bp@www.zefox.net> wrote:
> A neighbor asked me for help with an iMac that had fallen victim to a
> ransomware attack ("this computer has been locked, call the number
> below....").
To be successfully attacked by malware, a Mac user must interactively
download the malware to their computer, interactively launch it from
their ~/Downloads folder, and interactively enter administrator
credentials when prompted. If your neighbor didn't do all of that, then
they probably aren't actually infected. A website displaying a message
saying you are infected doesn't mean you actually are - it's more
likely just an ad pop-up message trying to trick you into downloading
some piece of software that actually *is* malware - a very common thing
on shady websites.
Your neighbor probably isn't running an ad blocker (like 1Blocker, or
AdGuard) which would have prevented them from seeing this scam while
visiting the offending website in the first place.
To verify there is no malware installed, have them download MalwareBytes
(the free version is all they need) and run it. It will tell them if it
finds anything nefarious installed.
They should also learn from this experience and change their behavior
accordingly:
As long as you use *safe computing practices*, you really don't need to
worry much about Mac malware. Here are some common sense safe computing
practices everyone should follow:
- always install security updates in a timely manner after they are
  released
- always run an ad blocker (like 1Blocker, AdGuard, or AdBlock Plus) in
  your web browser so that you won't see distracting advertising as well
  as unsolicited pop-up windows that claim you are somehow "infected" or
  "missing some video software" and therefore need to download and
  install some piece of untrusted software on your computer to fix some
  supposed "problem" they supposedly "detected" - and if you do still
  see these, don't fall for them as they are obvious scams
- always refrain from downloading and installing software from untrusted
  sources - instead go directly to the software maker's website or to
  the official App Store
> I'm left wondering if iPhones are subject to similar attacks, since
> they offer most of the services found on desktop computers including
> browsers.
You are nowhere near as likely to fall victim to such malware on iPhones
due to the enhanced security protections on them. While a Mac is
considered a general computing device, an iPhone is much more locked
down due to it being more of an appliance.
As such, all apps on iOS devices are sandboxed which means they cannot
access the file system outside of their own app sandbox, or data in
other apps, or system data, or even things like the camera or microphone
without getting explicit permission from the operating system and the
owner of the device.
This means there is no way for a so-called antivirus program to scan for
malware. It also means there is no way for malware to access other apps
or the system. And that means there is no need for antivirus utilities
in the first place. So-called “antivirus” and “security” apps for iPhone
don’t actually scan the device for malware — instead, they try to
convince you to purchase additional and unrelated software and services
like VPNs. It’s best to avoid these apps, as they are essentially
worthless.
> The subject computer was reasonably up-to-date and only a couple years
> old. The hijack was during an attempt to connect to MapQuest using the
> Safari browser.
What your neighbor saw was probably just a nefarious "ad" displayed by
the website. That "ad" was trying to trick them into downloading
malware. This is very common, and an ad blocker will remove such
annoyances.
> The screen seemed locked and I didn't know how to recover control.
It was probably just a web browser window that was full screen. Force
quitting the browser would fix that situation.
And certainly force shutting down the computer by holding down the power
button for 10 seconds would do the trick.
> Thanks for reading, and apologies if this is a dumb question!
Nah!