• Are iPhones subject to ransomware attacks?

    From [email protected]@21:1/5 to All on Fri Mar 15 19:11:11 2024
    A neighbor asked me for help with an iMac that had fallen victim to
    a ransomware attack ("this computer has been locked, call the number below....").

    I'm left wondering if iPhones are subject to similar attacks, since
    they offer most of the services found on desktop computers including
    browsers. The subject computer was reasonably up-to-date and only a
    couple years old. The hijack was during an attempt to connect to
    MapQuest using the Safari browser. The screen seemed locked and I
    didn't know how to recover control. Is there a force-restart-to-safe-mode
    for iOS or MacOS?

    Are iPhones subject to similar attacks? If not, why?

    Thanks for reading, and apologies if this is a dumb question!

    bob prohaska

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sten deJoode@21:1/5 to [email protected] on Fri Mar 15 15:44:34 2024
    On Fri, 15 Mar 2024 19:11:11 -0000 (UTC), [email protected] wrote:

    Are iPhones subject to similar attacks?

    To own an iPhone is to already be hacked and probably also exploited. Especially if you're not on the single one release Apple fully supports.
    https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases

    The iPhone iOS is the most exploited smartphone operating system, so if any
    of those many exploits in the wild happen to be ransomware, then... yes.
    https://www.cisa.gov/known-exploited-vulnerabilities-catalog

    Over the past few years, Apple has been notified of one or two zero-day
    bugs every month in the iPhone iOS (and to the macOS but this is about
    iPhones) so in addition, being the smartphone with the most zero-day holes,
    if one of those is ransomware... then yes to that also - but the exploits
    are more significant since those holes in iOS have to be exploited first.
    https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/

  • From Your Name@21:1/5 to [email protected] on Sat Mar 16 10:28:58 2024
    On 2024-03-15 19:11:11 +0000, <[email protected]> said:

    A neighbor asked me for help with an iMac that had fallen victim to
    a ransomware attack ("this computer has been locked, call the number below....").

    I'm left wondering if iPhones are subject to similar attacks, since
    they offer most of the services found on desktop computers including
    browsers. The subject computer was reasonably up-to-date and only a
    couple years old. The hijack was during an attempt to connect to
    MapQuest using the Safari browser. The screen seemed locked and I
    didn't know how to recover control. Is there a force-restart-to-safe-mode
    for iOS or MacOS?

    For most Mac models these days just holding the power button down for a
    few seconds will force it to shutdown.

    Right/control-clicking on the app's Dock icon or pressing
    Command-Option-Esc will allow you to force quit an individual crashed
    app that is no longer responding.



    Are iPhones subject to similar attacks? If not, why?

    Thanks for reading, and apologies if this is a dumb question!

    bob prohaska

    Ransomware and malware in general is extremely unlikely on MacOS or
    iPhone / iPad unless you purposely do something incredibly stupid. It's
    almost certainly not going to happen by simply going to a legitimate
    website like MapQuest in a web browser. More likely it was just a fake
    advert pretending to be ransomware and it caused Safari to crash and
    stop responding.

  • From Jolly Roger@21:1/5 to Sten deJoode on Fri Mar 15 22:19:56 2024
    On 2024-03-15, Sten deJoode <[email protected]> wrote:
    On Fri, 15 Mar 2024 19:11:11 -0000 (UTC), [email protected] wrote:

    Are iPhones subject to similar attacks?

    To own an iPhone is to already be hacked and probably also exploited.

    "Sten" is a well-known troll here and is spreading FUD. You can safely
    ignore anything they say on the matter. Their intent is to mislead and disparage Apple users.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Jolly Roger@21:1/5 to [email protected] on Fri Mar 15 22:18:48 2024
    On 2024-03-15, <[email protected]> <[email protected]> wrote:

    A neighbor asked me for help with an iMac that had fallen victim to
    a ransomware attack ("this computer has been locked, call the number below....").

    To be successfully attacked by malware, a Mac user must interactively
    download the malware to their computer, interactively launch it from
    their ~/Downloads folder, and interactively enter administrator
    credentials when prompted. If your neighbor didn't do all of that, then
    they probably aren't actually infected. A website displaying a message
    saying you are infected doesn't mean you actually are - it's more
    likely just an ad pop-up message trying to trick you into downloading
    some piece of software that actually *is* malware - a very common thing
    on shady websites.

    Your neighbor probably isn't running an ad blocker (like 1Blocker, or AdGuard) which would have prevented them from seeing this scam while visiting the offending website in the first place.

    To verify there is no malware installed, have them download MalwareBytes
    (the free version is all they need) and run it. It will tell them if it
    finds anything nefarious installed.

    They should also learn from this experience and change their behavior accordingly:

    As long as you use *safe computing practices*, you really don't need to
    worry much about Mac malware. Here are some common sense safe computing practices everyone should follow:

    - always install security updates in a timely manner after they are
    released

    - always run an ad blocker (like 1Blocker, AdGuard, or AdBlock Plus) in
    your web browser so that you won't see distracting advertising as well
    as unsolicited pop-up windows that claim you are somehow "infected" or
    "missing some video software" and therefore need to download and
    install some piece of untrusted software on your computer to fix some
    supposed "problem" they supposedly "detected" - and if you do still
    see these, don't fall for them as they are obvious scams

    - always refrain from downloading and installing software from untrusted
    sources - instead go directly to the software maker's website or to
    the official App Store

    I'm left wondering if iPhones are subject to similar attacks, since
    they offer most of the services found on desktop computers including browsers.

    You are nowhere near as likely to fall victim to such malware on iPhones
    due to the enhanced security protections on them. While a Mac is
    considered a general computing device, an iPhone is much more locked
    down due to it being more of an appliance.

    As such, all apps on iOS devices are sandboxed which means they cannot
    access the file system outside of their own app sandbox, or data in
    other apps, or system data, or even things like the camera or microphone without getting explicit permission from the operating system and the
    owner of the device.

    This means there is no way for a so-called antivirus program to scan for malware. It also means there is no way for malware to access other apps
    or the system. And that means there is no need for antivirus utilities
    in the first place. So-called “antivirus” and “security” apps for iPhone
    don’t actually scan the device for malware — instead, they try to
    convince you to purchase additional and unrelated software and services
    like VPNs. It’s best to avoid these apps, as they are essentially
    worthless.

    The subject computer was reasonably up-to-date and only a couple years
    old. The hijack was during an attempt to connect to MapQuest using the
    Safari browser.

    What your neighbor saw was probably just a nefarious "ad" displayed by
    the website. That "ad" was trying to trick them into downloading
    malware. This is very common, and an ad blocker will remove such
    annoyances.

    The screen seemed locked and I didn't know how to recover control.

    It was probably just a web browser window that was full screen. Force
    quitting the browser would fix that situation.

    And certainly force shutting down the computer by holding down the power
    button for 10 seconds would do the trick.

    Thanks for reading, and apologies if this is a dumb question!

    Nah!

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Chris Schram@21:1/5 to Jolly Roger on Fri Mar 15 23:01:12 2024
    On 15 Mar 2024 22:18:48 GMT, Jolly Roger wrote:

    On 2024-03-15, <[email protected]> <[email protected]> wrote:

    A neighbor asked me for help with an iMac that had fallen victim to a
    ransomware attack ("this computer has been locked, call the number
    below....").

    To be successfully attacked by malware, a Mac user must interactively download the malware to their computer, interactively launch it from
    their ~/Downloads folder, and interactively enter administrator
    credentials when prompted. If your neighbor didn't do all of that, then
    they probably aren't actually infected. A website displaying a message
    saying you are infected doesn't mean you actually are - it's more
    likely just an ad pop-up message trying to trick you into downloading
    some piece of software that actually *is* malware - a very common thing
    on shady websites.

    Your neighbor probably isn't running an ad blocker (like 1Blocker, or AdGuard) which would have prevented them from seeing this scam while
    visiting the offending website in the first place.

    To verify there is no malware installed, have them download MalwareBytes
    (the free version is all they need) and run it. It will tell them if it
    finds anything nefarious installed.

    They should also learn from this experience and change their behavior accordingly:

    As long as you use *safe computing practices*, you really don't need to
    worry much about Mac malware. Here are some common sense safe computing practices everyone should follow:

    - always install security updates in a timely manner after they are
    released

    - always run an ad blocker (like 1Blocker, AdGuard, or AdBlock Plus) in
    your web browser so that you won't see distracting advertising as well
    as unsolicited pop-up windows that claim you are somehow "infected" or
    "missing some video software" and therefore need to download and
    install some piece of untrusted software on your computer to fix some
    supposed "problem" they supposedly "detected" - and if you do still
    see these, don't fall for them as they are obvious scams

    - always refrain from downloading and installing software from untrusted
    sources - instead go directly to the software maker's website or to
    the official App Store

    I'm left wondering if iPhones are subject to similar attacks, since
    they offer most of the services found on desktop computers including
    browsers.

    You are nowhere near as likely to fall victim to such malware on iPhones
    due to the enhanced security protections on them. While a Mac is
    considered a general computing device, an iPhone is much more locked
    down due to it being more of an appliance.

    As such, all apps on iOS devices are sandboxed which means they cannot
    access the file system outside of their own app sandbox, or data in
    other apps, or system data, or even things like the camera or microphone without getting explicit permission from the operating system and the
    owner of the device.

    This means there is no way for a so-called antivirus program to scan for malware. It also means there is no way for malware to access other apps
    or the system. And that means there is no need for antivirus utilities
    in the first place. So-called “antivirus” and “security” apps for iPhone
    don’t actually scan the device for malware — instead, they try to convince you to purchase additional and unrelated software and services
    like VPNs. It’s best to avoid these apps, as they are essentially worthless.

    The subject computer was reasonably up-to-date and only a couple years
    old. The hijack was during an attempt to connect to MapQuest using the
    Safari browser.

    What your neighbor saw was probably just a nefarious "ad" displayed by
    the website. That "ad" was trying to trick them into downloading
    malware. This is very common, and an ad blocker will remove such
    annoyances.

    The screen seemed locked and I didn't know how to recover control.

    It was probably just a web browser window that was full screen. Force quitting the browser would fix that situation.

    And certainly force shutting down the computer by holding down the power button for 10 seconds would do the trick.

    Thanks for reading, and apologies if this is a dumb question!

    Nah!

    Good advice JR. Normally I would highlight only the parts I wish to
    comment on, but I choose in this case to leave your piece intact.

    Apparently site owners have only limited control over the ads that get displayed. Not many years ago I started seeing spammy and malware-ish ads showing up on tidbits.com. I emailed the owner <[email protected]> and told
    him of the problem. He apologized profusely, and said there were a few adjustments he could make to alleviate this problem. Alleviate, not
    eliminate.

    All it takes is a little piece of rogue JavaScript inserted into an ad

    ACE's income comes solely via memberships and sponsorship. I became a
    member of tidbits.com years ago, so it runs ad-free for me. I _DO_ use an
    ad blocker for most sites I visit, and if the site complains about that, I
    either move on or allow ads [temporarily]. Also, some sites complain about
    ad blockers, but don't have a mechanism to enforce.


    --
    [email protected] is an infrequently monitored address. Email may get lost.
    Networking: What happens when, for as long as a moment, billions of
    things simultaneously fail to go wrong. -- Dan Farkas, 3/3/2007

  • From [email protected]@21:1/5 to Jolly Roger on Sat Mar 16 00:05:59 2024
    Jolly Roger <[email protected]> wrote:

    Your neighbor probably isn't running an ad blocker (like 1Blocker, or AdGuard)
    which would have prevented them from seeing this scam while visiting the offending website in the first place.


    The page displayed appeared to block mouse access to the Apple system menus.
    I didn't explore very aggressively, however. If called again to help I'll
    be more inquisitive.

    Is uBlockOrigin considered acceptable on Mac OSX?

    [Much good advice snipped]

    The user in question is at the ragged edge of utter frustration. Offering
    a "to-do list" is likely to make matters worse, especially at the moment.

    Hopefully they'll take the problem to a genuine expert.....

    Thanks for writing,

    bob prohaska

  • From Jolly Roger@21:1/5 to Chris Schram on Sat Mar 16 01:50:22 2024
    On 2024-03-15, Chris Schram <[email protected]> wrote:

    Good advice JR. Normally I would highlight only the parts I wish to
    comment on, but I choose in this case to leave your piece intact.

    Apparently site owners have only limited control over the ads that get displayed. Not many years ago I started seeing spammy and malware-ish
    ads showing up on tidbits.com. I emailed the owner <[email protected]>
    and told him of the problem. He apologized profusely, and said there
    were a few adjustments he could make to alleviate this problem.
    Alleviate, not eliminate.

    Spot on. Do a web search for "google adsense malware" and you find many examples where Google's advertising networks are used to spread malware
    to unsuspecting victims on countless websites that use Google's
    advertising network. Ad network operators simply can't guarantee that
    their networks won't be used for nefarious purposes. The FBI and other governmental organizations recommend that everyone use an ad blocker for
    that reason:

    <https://www.pcmag.com/news/fbi-recommends-installing-an-ad-blocker-to-dodge-scammers>

    I refuse to browse the web without one, and I always recommend people use
    them - on any platform.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Jolly Roger@21:1/5 to [email protected] on Sat Mar 16 01:53:32 2024
    On 2024-03-16, <[email protected]> <[email protected]> wrote:
    Jolly Roger <[email protected]> wrote:

    Your neighbor probably isn't running an ad blocker (like 1Blocker, or
    AdGuard) which would have prevented them from seeing this scam while
    visiting the offending website in the first place.

    The page displayed appeared to block mouse access to the Apple system
    menus.

    For future reference, you can force quit any app on macOS by pressing Command-Option-Escape. 😉

    I didn't explore very aggressively, however. If called again to help I'll
    be more inquisitive.

    Is uBlockOrigin considered acceptable on Mac OSX?

    Sure, but 1Blocker or AdBlock are simpler to set up and use, and work
    with the macOS default web browser, Safari.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR

  • From Sten deJoode@21:1/5 to Jolly Roger on Sat Mar 16 08:59:41 2024
    On 15 Mar 2024 22:19:56 GMT, Jolly Roger wrote:

    is spreading FUD

    Heh heh heh... Jolly Roger calls all facts about APPLE to be FUD.

    I had provided three reliable cites containing facts you don't like, JR.

    1. *Apple only fully supports a single iOS release.*
    <https://hothardware.com/news/apple-admits-only-fully-patches-security-flaws-in-latest-os-releases>

    2. *iOS has ten times the exploits that Android has.*
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

    3. *iOS has twice to three times the zero-day holes that Android has.*
    <https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/>

    The fact you hate facts doesn't change the fact that they're still facts.

  • From Sten deJoode@21:1/5 to Jolly Roger on Sat Mar 16 09:03:56 2024
    On 15 Mar 2024 22:18:48 GMT, Jolly Roger wrote:

    To be successfully attacked by malware, a Mac user must interactively download the malware to their computer

    That's dead wrong.

    There have been *plenty* of zero-day zero-click no-interaction holes in
    Apple's operating systems, Jolly Roger, where the user does nothing at all.

    Most of them appear to be in Apple's defective kernel & webkit though.

    But you can see the _exploited_ ones in this listing if you like:
    <https://www.cisa.gov/known-exploited-vulnerabilities-catalog>

  • From Sten deJoode@21:1/5 to Jolly Roger on Sat Mar 16 09:09:56 2024
    On 16 Mar 2024 01:50:22 GMT, Jolly Roger wrote:

    The FBI and other
    governmental organizations recommend that everyone use an ad blocker for
    that reason:

    In addition to Jolly Roger's helpful advice, the iPhone pioneered the use
    of easy setup of encrypted DNS (also called Private DNS), many of which do
    ad blocking on the side.

    https://www.macobserver.com/tips/deep-dive/5-private-dns-services/

    Firefox/Chrome name = Google (encrypted, not ad blocking)
    dns.google 8.8.4.4
    dns.google 8.8.8.8
    dns.google 2001:4860:4860::8888
    dns.google 2001:4860:4860::8844

    Firefox/Chrome name = Cloudflare
    one.one.one.one 1.1.1.1
    one.one.one.one 1.0.0.1
    one.one.one.one 2606:4700:4700::1111
    one.one.one.one 2606:4700:4700::1001

    Firefox/Chrome name = Cloudflare
    https://developers.cloudflare.com/1.1.1.
    1dot1dot1dot1.cloudflare-dns.com 1.0.0.1
    1dot1dot1dot1.cloudflare-dns.com 1.1.1.1
    1dot1dot1dot1.cloudflare-dns.com 2606:4700:4700::1111
    1dot1dot1dot1.cloudflare-dns.com 2606:4700:4700::1001

    Firefox/Chrome name = Mullvad (encrypted + ad blocking)
    https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
    adblock.dns.mullvad.net 194.242.2.3
    adblock.dns.mullvad.net 2a07:e340::3
    dns.mullvad.net 194.242.2.2
    dns.mullvad.net 2a07:e340::2

    Firefox/Chrome name = Adguard (encrypted + ad blocking)
    https://adguard-dns.io/en/welcome.html
    dns.adguard.com 94.140.14.14
    dns.adguard.com 94.140.15.15
    dns.adguard.com 2a10:50c0::ad1:ff
    dns.adguard.com 2a10:50c0::ad2:ff

    Firefox/Chrome name = Quad9
    https://quad9.net/
    dns.quad9.net 149.112.112.112
    dns.quad9.net 9.9.9.9
    dns.quad9.net 2620:fe::fe
    dns.quad9.net 2620:fe::9

    Firefox/Chrome name = Controld (encrypted + ad blocking)
    https://controld.com/free-dns
    p2.freedns.controld.com 76.76.2.11
    p2.freedns.controld.com 2606:1a40::11

    Firefox/Chrome name = Cleanbrowsing (encrypted + ad blocking)
    https://cleanbrowsing.org
    dns.cleanbrowsing.org 185.228.168.168
    dns.cleanbrowsing.org 185.228.168.10
    family-filter-dns.cleanbrowsing.org 185.228.168.168
    adult-filter-dns.cleanbrowsing.org 185.228.168.10
    security-filter-dns.cleanbrowsing.org 185.228.168.9

  • From Jolly Roger@21:1/5 to Sten deJoode on Sat Mar 16 15:35:32 2024
    On 2024-03-16, Sten deJoode <[email protected]> wrote:
    On 15 Mar 2024 22:18:48 GMT, Jolly Roger wrote:

    To be successfully attacked by malware, a Mac user must interactively
    download the malware to their computer

    That's dead wrong.

    Nope, it's correct.

    There have been *plenty* of zero-day zero-click no-interaction holes
    in Apple's operating systems

    There have been plenty of zero days in *all* operating systems, "Sten"
    (Arlen), yet you constantly ignore everything but Apple zero days,
    because: troll. Also, the overwhelming majority of zero days are
    discovered by security researchers in labs rather than in the wild, and
    they are more often than not patched in the latest OS release. So
    keeping your devices up to date (one of the safe computing best
    practices I mentioned) is the best defense against them.

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR
