A tech support scam is targeting Mac users with malware that tries to crash the system, then encourages the victim to call a phony Apple support number in order to get the system restored to normal. Victims are infected with the malware via a malicious email or by visiting a specially registered scam website.
The cybersecurity researchers at Malwarebytes warn that these websites are particularly dangerous for Mac users running Safari because simply visiting one of the domains can execute the attack. The malicious webpage will first determine the version of OS X via a user agent check and push two different versions of this denial-of-service.
The first variant has code that will keep drafting emails (but doesn’t actually send them) incrementally and cover the previous open windows. The second variant will instead open up iTunes.
These flaws may have been fixed with macOS Sierra 10.12.2 as Mac users running a fully up-to-date OS do not seem to be affected by the Mail app DoS, according to Malwarebytes.
