Malware/Ransomware Stokerbrothy/Trackingboox on High Sierra in Safari?

Question

Level 1

7 points

Malware/Ransomware Stokerbrothy/Trackingboox on High Sierra in Safari?

Note: I am not sure this is the right community to be posting this in, feel free to redirect me to where I should be posting this if it's not.

Summary:

I interrupted what seemed to be a malware/ransomwrae attack (from stokerbrothy.stream and (probably) trackingboox.com) in the middle of it trying to download to my computer.

Has anyone else experienced this issue or heard of these websites? I deleted these files and did a system scan, what else can I do to make sure all these files are really off my computer? How can I prevent this from happening in the future?

More information:

OS: High Sierra 10.13.4

I was logged into my email in Safari when another tab entitled "Alert" opened (by itself) in the same window, without me viewing the tab files automatically and rapidly began to download to my computer. I disconnected from online as soon as I could.

When I looked in the "Downloads" folder I found that about 10 Safari download files and 1 TextEdit Document (all 2 bytes in size) had been downloaded to there in less than a minute. The files were from the website stokerbrothy.stream with the site trackingboox.com (potentially the source) appearing immediately before them in the internet history.

When I Googled these websites (on another device) there was no information about stokerbrothy and the only thing I could find on trackingboox was that it "was created in April 11, 2018. A website for this domain is hosted in the United States, according to the geolocation of its IP address 104.28. 6.227..." (http://domain-status.com).

I deleted the files and ran a system scan, which didn't detect any more of them and so far the system seems to be working normally. It certainly seems like some form of a malware, potentially a ransomware, attack. It's possible that some form of Trojan has taken advantage of the email service, as at least two other times before in the last four days I noticed an extra tab opening when logging into my email, but had always immediately closed it (as far as I could tell it never tried to automatically download anything before). Another member of my household also experienced an additional tab opening when logging into email.

Again, has anyone else experienced this issue or heard of these websites? I deleted these files and did a system scan, what else can I do to make sure all these files are really off my computer? How can I prevent this from happening in the future?

Posted on May 9, 2018 10:56 AM

Reply

Answer 1

May 15, 2018 3:10 PM in response to Alpha6709

Just happened to me. Looked like it was a jump from the New York Post site which I clicked on to read a story from Yahoo.

I had to hard restart my computer to start it. Looking around and searching now for additional files.

Reply

Answer 2

May 10, 2018 4:26 PM in response to Alpha6709

Hi,

Download and run Malwarebytes Anti-Malware for Mac

Only takes a minute or two.

Just searching for those files doesn't always reveal there whereabouts on the drive.

Reply

Answer 3

Eric Root

Level 10

684,057 points

May 9, 2018 1:59 PM in response to Alpha6709

See if you can find the file(s) using one of these programs. If you go Finder/View/Show Path Bar, it will show you where it is located.

EasyFind – Spotlight Replacement

Find Any File

Reply

Answer 4

May 19, 2018 7:01 AM in response to Alpha6709

Same Issue! I was on zillow and that same website popped up and opened a second page where it told me "You have a virus". I was very worried because I never had this sort of issue before!

Reply

Malware/Ransomware Stokerbrothy/Trackingboox on High Sierra in Safari?

Similar questions