iPhone malware
Ransomware is finally coming for the iPhone, so you'd better update your devices soon

All Apple device users are encouraged to update their iPhones and iPads as soon as possible to avoid mobile ransomware that exploits a security vulnerability in Mobile Safari on iOS to extort money from people who view pornography on iOS devices in the UK, US, Ireland, Australia and New Zealand.

Security firm Lookout discovered that, over the last month, cybercriminals have been running a particularly nasty mobile malware campaign of the "scareware" kind, which locks users out of the Safari web browser on some iOS devices if they use their Apple phones or tablets to view porn or other controversial content.

The attack exploits a security flaw in how Mobile Safari handles JavaScript pop-up windows, present in every version of iOS from iOS 8 onwards, to create a denial of service (DoS) condition in the browser. Apple has patched the flaw in iOS 10.3, which was released on Monday 27 March.

Pay £100 in iTunes gift cards, or else

Ransomware spotted on iOS: update your phone now. Security researchers have discovered iOS ransomware that locks Safari if victims don't pay ransoms using iTunes gift cards. (Image: Lookout)

Once the attack starts, the victim is taken to a website where a fake notice from their country's law enforcement agency pops up. In the UK, victims receive a message from the Metropolitan Police explaining that the user is prevented from using the internet on their device until they pay a fine of £100 ($124.27) using a prepaid iTunes gift card.

The user is instructed to send an SMS text message with the iTunes gift code to a UK mobile number that is listed as a "state number".

If you're in the US, you'll be taken to a .com domain and receive a fake notice from the Department of Justice. If you're in Ireland, the notice comes from the Department Of Justice and Equality; in Australia, it's the Attorney-General's Department; and in New Zealand, it's the New Zealand Police.

"After the payment, the device will be automatically unblocked. In case of refusal of paying the fine, or trying to unblock the device without paying, case materials will be delivered to Metropoliten Police [misspelled] for making the decision against institution of criminal proceeding due to commitment of crime," the notice reads. "You have 12 hours to pay the fine."

Another fake website seen by the security researchers in the UK shows a fake Interpol logo and the message: "Your device has been locked for illegal pornography, Send email to cybercrimegov@europe.com for unlocking."

Attack can be mitigated, but seriously, just update your device

The attack causes an infinite loop of dialog prompts: no matter how many times the user taps "OK" on the window, it pops up again and prevents the user from using the web browser. However, unlike computer ransomware campaigns, this one can be defeated by clearing the Safari cache: erase all web history and data via Settings > Safari > Clear History and Website Data.
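As an added illustration that is not part of the article and not Lookout's or Apple's code, the Python sketch below shows how a defender might flag the kind of fake law-enforcement notice described above in captured page text. It checks for several independent indicators (impersonation of a named agency, a device-lock claim, gift-card payment, a payment deadline, a criminal threat, an out-of-band contact channel) and flags a page only when several co-occur, so that a genuine police news item mentioning only the agency name is not caught. The indicator regexes, the threshold and the sample texts are constructed for this example; the two scareware samples are modelled on the notices quoted in the article, the third is a benign control.

```python
import re

# Heuristic indicator groups modelled on the fake law-enforcement notices the
# article describes. These are constructed regexes for illustration, not
# Lookout's detection logic or anything Apple ships.
INDICATOR_GROUPS = {
    "law_enforcement_impersonation": re.compile(
        r"\b(metropolit[ae]n police|department of justice|attorney-general"
        r"|new zealand police|interpol)\b", re.I),
    # A claim that the device, browser or internet access is locked/blocked.
    "device_lock_claim": re.compile(
        r"\b(device|browser|internet)\b.{0,40}\b(locked|blocked)\b", re.I),
    # Real agencies do not collect fines in prepaid gift cards.
    "gift_card_payment": re.compile(r"\b(itunes|gift)\s*(card|code)\b", re.I),
    # "You have 12 hours to pay the fine" style pressure.
    "payment_deadline": re.compile(
        r"\b\d{1,3}\s*hours?\b.{0,20}\b(pay|fine)\b", re.I),
    "criminal_threat": re.compile(
        r"\b(criminal proceeding|illegal pornography|case materials)\b", re.I),
    # Payment proof or "unlock" requests routed over SMS/email to a "state number".
    "out_of_band_contact": re.compile(
        r"\b(send\b.{0,30}\b(sms|email)|state number)\b", re.I),
}

SCAREWARE_THRESHOLD = 3  # number of indicator groups that must co-occur


def score_notice(text: str) -> dict:
    """Return, per indicator group, whether it matches the page's visible text."""
    flat = " ".join(text.split())  # collapse newlines so windows span line breaks
    return {name: bool(rx.search(flat)) for name, rx in INDICATOR_GROUPS.items()}


def is_scareware(text: str) -> bool:
    """Flag a page when enough independent scareware indicators co-occur."""
    return sum(score_notice(text).values()) >= SCAREWARE_THRESHOLD


# Constructed sample page texts. The first two paraphrase the notices quoted in
# the article; the third is a benign control that mentions the agency only.
SAMPLES = {
    "uk_notice": (
        "Metropolitan Police. Access to the internet on this device has been blocked. "
        "To unblock it you must pay a fine of £100 using a prepaid iTunes gift card. "
        "Send the gift code by SMS to the state number below. After the payment, the "
        "device will be automatically unblocked. In case of refusal of paying the fine, "
        "case materials will be delivered to Metropoliten Police for institution of "
        "criminal proceeding. You have 12 hours to pay the fine."
    ),
    "interpol_notice": (
        "INTERPOL. Your device has been locked for illegal pornography, "
        "Send email to cybercrimegov@europe.com for unlocking."
    ),
    "benign_news": (
        "Metropolitan Police news: officers will attend the community fair on Saturday. "
        "The station is open 24 hours a day. Locked bicycles should be registered. "
        "Tickets can be paid for by card."
    ),
}


def classify_samples() -> dict:
    """Indicator count per sample, handy for tuning SCAREWARE_THRESHOLD."""
    return {name: sum(score_notice(text).values()) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        hits = [k for k, v in score_notice(text).items() if v]
        verdict = "SCAREWARE" if is_scareware(text) else "benign"
        print(f"{name:16} {verdict:9} indicators={hits}")
```

The point of scoring groups rather than single keywords is that each indicator on its own is common on legitimate pages (a police site names itself, a shop sells gift cards); the extortion pattern is the combination. A content-filtering proxy or a parental-control tool would apply this to the rendered text of a page before deciding whether to block it or warn the user.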

"The group involved in this campaign has purchased a large number of domains that try to catch users that are seeking controversial content on the internet and coerce them into paying a ransom to them," the researchers wrote in a blog post.

"Individuals are strongly encouraged to protect their iOS devices against this attack and take advantage of a number of other security patches that Apple made available in iOS 10.3."