Apple computer users should be extra diligent when surfing the web.
For the past few weeks, people have been tricked into visiting a phony website embedded with malware that can freeze Apple computers, according to a report this week by the cybersecurity firm Malwarebytes.
When Apple users visit the website via their Safari browser, often by clicking on a link in a bogus email, they inadvertently load malicious code onto their computers. The malware then triggers either two sets of actions depending on the version of the computers’ operating systems, the report said.
Get Data Sheet, Fortune’s technology newsletter.
In one case, the malware causes the computer’s Apple email client to create a deluge of draft emails that contain the words “Warning! Virus Detected!” in the email subject line. Although the emails don’t actually get delivered to anyone, the sudden flood of draft emails hogs the computer’s resources, thus causing the computer to freeze.
In the second case, the malware causes the infected computer’s iTunes program to open multiple times without closing to the point where it crashes.
In both of these instances, the malware essentially causes computers to use up all of their memory, similar to how hackers launch so-called denial-of-service attacks on web sites. In a denial-of-service attack, hackers basically overload an online service with Internet traffic, thus causing the service to become inaccessible because it can’t keep up.
Complicating matters, the malware targeting Apple computers leaves a dummy message in either the email draft or in the iTunes player that tells people to call a fake Apple support phone number to fix the problem. The report does not describe what happens when a person calls, but it’s likely that criminals will charge a fee to unlock the computer under the false pretense that they are Apple employees.
https://twitter.com/jeromesegura/status/812776441234395137
Apple’s iPhones and iPads are not impacted by the malware since they run on a different operating system than Apple computers.
The new Apple malware seems similar to a Microsoft (MSFT) Windows-tailored version that hit PCs in November, Malwarebytes said.
The Windows version of the Malware exploited a bug in the software language HTML5, increasingly used to create websites, that caused web browsers like Google (GOOG) Chrome and Firefox to display a fake help-support webpage that can’t be closed. The malware also causes the computer to overload so that no other program can be opened and instead display a fake telephone number to call.
For more about Apple, watch:
As for the Apple malware, the security firm did not say how many people appear to have been impacted, but it said that those who upgraded their operating systems to the latest versions seemed to be safe from the variant of the attack that creates draft emails. The iTunes variant, however, appears to be triggered regardless of whether a person’s operating system is up to date.
