New malicious code targeting computers running macOS has recently been seen launching denial-of-service attacks on users by creating multiple email drafts, which ultimately causes the computer to slow down and become unusable.
Analyzed by Malwarebytes Labs, together with security researcher @TheWack0lian, the malicious code exploits vulnerabilities found in Safari and the Mail app. Simply visiting the malware-infested website on an older version of macOS would open up a series of email drafts. The high number of windows that the malware opens would drain the computer's memory and eventually cause it to freeze. Another known variant of the malware will open up iTunes, though its purpose is not clearly known.
The code is distributed via the usual spam emails, which pretend to be from tech support. Malwarebytes Labs found that the emails come from two email addresses: email@example.com and firstname.lastname@example.org. However, it is not known whether any other spam emails are distributing the malicious software.
The researchers have also provided a list of URLs used by the exploit, which are the following (do not attempt to open them on a possibly vulnerable machine):
Lastly, it was found that if a user is running the latest version of macOS (10.12.2), they will not be affected. The system will automatically block the request to create email drafts.
Malwarebytes Labs compared the vulnerability to a two-year-old Google Chrome HTML bug on Windows devices, which was exploited by scammers back in November last year. That bug froze the browser if the victim tried to dismiss a warning message saying that the system was infected. The page would then ask the user to call the number flashed on the screen to purportedly fix the problem at hand.
At this point, it is advised to be very wary of the emails we open, especially if they appear to come from a suspicious sender. Also, exercise caution in opening attachments, as they may carry malware that can put your computer in jeopardy. When it comes to tech support scams like this, it is in no way recommended to dial the number provided, as doing so will only connect victims to scammers who will drain them of their hard-earned money.