Good to know. My parents just got fooled. They say that there was some
popup that said their flash was out of date and to download an updater.
Well, they went ahead and did that but it wasn't the real Flash updater.
So now every time they click a link it opens a new browser tab to some
other malware download stuff, pops up giant ads and other annoyances.
This included the obligatory "call this number for help" which they did
but at least they stopped before actually handing over their credit card
number. The tipoff to them was that the 'tech support company' wasn't
actually Apple. I think they had wanted $150 to 'fix' their machine.
From what I read, under the hood the malware actually uses some unix
tricks to attach itself to the browsers process (Safari, Chrome or
Firefox) and intercept all the requests so they can modify the links on
the fly. Pretty sneaky. From this Apple article it sounds like you can
sometimes wipe it out just by doing a major OS upgrade:
https://support.apple.com/en-us/HT202225
They were on OSX 10.8 so I had them start downloading/installing 10.10
last night and it was still going earlier today. If that doesn't work
I'll run through the steps here to try and kill of the badness:
https://support.apple.com/en-us/HT203987
They apparently got MacKeeper installed which is not a good thing. I
found this recent article talking about how Malware does it's thing on
OSX and that we're going to find more of it migrating from Windows:
http://www.howtogeek.com/210589/mac-os-x-isn’t-safe-anymore-the-crapware-malware-epidemic-has-begun/
I'll keep adwaremedic.com in mind if my other attempts fail. Thanks for
the timely info.
CB
On 4/23/15 6:54 PM, Christine Grassman wrote:
I want you all to know about something I just experienced.
I was on Twitter within Safari and a “critical service warning” popped
up, informing me that a malicious virus had been detected and had
attacked my system, and that “we have shut down all of your critical
systems to protect any further damage.” The warning went on to give
this number:
888 553-4193
and directed me to give a number starting with Mac and ending with
several digits.
My BS detector was on full alert.
I called Apple and told them what was going on. I was informed that
this occurs several times a day at least, and that it usually involves
adware.
When a screen sharing session link was sent, Safari could not find the
server, nor could Google Chrome.
I was then told to open the MacBook in safe mode, and I thought I
could use VoiceOver in safe mode, but it would not come on, and
command F5 would not bring it up.
The tech support rep handed me over to someone who had more VoiceOver
experience. He had me shut down and restart normally, then sent me the
ability to screen share by using my apple ID, which made the screen
sharing like an application, which enabled me to go to adwaremedic.com
<http://adwaremedic.com>, download adware medic, and run it.
This problem appears to be resolved, but I wanted you all to be aware
of this incident, as well as to inquire: Isn’t there a way to use
VoiceOver in safe mode?
Thank you . . . and be careful out there. I was told people have been
known to give their credit card numbers to these people thinking they
are getting their computers fixed.
Christine
--
You received this message because you are subscribed to the Google
Groups "MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to macvisionaries+unsubscr...@googlegroups.com
<mailto:macvisionaries+unsubscr...@googlegroups.com>.
To post to this group, send email to macvisionaries@googlegroups.com
<mailto:macvisionaries@googlegroups.com>.
Visit this group at http://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/d/optout.
--
¯\_(ツ)_/¯
--
You received this message because you are subscribed to the Google Groups
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to macvisionaries+unsubscr...@googlegroups.com.
To post to this group, send email to macvisionaries@googlegroups.com.
Visit this group at http://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/d/optout.
