
Malware/Ransomware Stokerbrothy/Trackingboox on High Sierra in Safari?

Note: I am not sure this is the right community to be posting this in, feel free to redirect me to where I should be posting this if it's not.


Summary:

I interrupted what seemed to be a malware/ransomware attack (from stokerbrothy.stream and (probably) trackingboox.com) in the middle of it trying to download to my computer.


Has anyone else experienced this issue or heard of these websites? I deleted these files and did a system scan; what else can I do to make sure all these files are really off my computer? How can I prevent this from happening in the future?



More information:


OS: High Sierra 10.13.4


I was logged into my email in Safari when another tab entitled "Alert" opened (by itself) in the same window. Without me viewing the tab, files automatically and rapidly began to download to my computer. I disconnected from online as soon as I could.


When I looked in the "Downloads" folder I found that about 10 Safari download files and 1 TextEdit Document (all 2 bytes in size) had been downloaded to there in less than a minute. The files were from the website stokerbrothy.stream with the site trackingboox.com (potentially the source) appearing immediately before them in the internet history.


When I Googled these websites (on another device) there was no information about stokerbrothy and the only thing I could find on trackingboox was that it "was created in April 11, 2018. A website for this domain is hosted in the United States, according to the geolocation of its IP address 104.28. 6.227..." (http://domain-status.com).


I deleted the files and ran a system scan, which didn't detect any more of them and so far the system seems to be working normally. It certainly seems like some form of a malware, potentially a ransomware, attack. It's possible that some form of Trojan has taken advantage of the email service, as at least two other times before in the last four days I noticed an extra tab opening when logging into my email, but had always immediately closed it (as far as I could tell it never tried to automatically download anything before). Another member of my household also experienced an additional tab opening when logging into email.


Again, has anyone else experienced this issue or heard of these websites? I deleted these files and did a system scan; what else can I do to make sure all these files are really off my computer? How can I prevent this from happening in the future?

Posted on May 9, 2018 10:56 AM
