Three Ways to Fix a Safari Browser Hijack in iOS 11

Browser Hijackers Are Scum!

There’s a particularly nefarious form of hijackware that can take over Safari in iOS. Fortunately, there are three fairly easy ways to solve an iOS browser hijack (also called a Safari hijack): clearing your cache, disabling JavaScript, and using an external link to force open a new window or tab. I’ll explain each of these methods below.

You can skip to the instructions if you don’t want the description first.

Safari Hijack in iOS

A browser hijack, or safari hijack, is when a malicious webpage—or more likely, a malicious ad on an otherwise legitimate webpage—takes over your browser. There are a few different versions of this. One variant puts a dialog box on your screen asking you to call a phone number, like in the screenshot below.

WARNING: NEVER CALL A PHONE NUMBER LIKE THIS—IT’S A SCAM BY BOTTOM FEEDING SCUMBAGS TRYING TO TRICK YOU INTO GIVING THEM YOUR CREDIT CARD INFO!

Screenshot of a browser hijack in iOS 11
Screenshot of a browser hijack in iOS 11

The way this one worked was that you couldn’t cancel or otherwise dismiss the dialog box. And see how it looks all official, like it’s something form Apple? It isn’t. Instead, it’s JavaScript shenanigans whose only goal is to get you to call the thieves and hand over personal data, credit card info, and sometimes remote access to your device.

So, as the warning says, don’t fall for this, never call a number like that, and use the methods below to get around a safari hijack like this if you stumble into one.

Browser Hijack Variant

Another variation is the one I encountered below. In this version, a maliciously—or maybe just poorly—coded ad didn’t hijack my entire browser. Instead, it hijacked the webpage I was trying to visit. No matter what I did, I was rerouted to some spammy BS site when I opened Safari.

A screenshot of another browser hijack variant
Another Safari Hijack Variant

These hijacks usually aren’t the fault of the site operator, and sometimes not even the ad network they’re on. Spammers and thieves are engaged in an unrelenting effort to get their maliciously crafted ads onto ad networks, especially the automated ones. While most of those networks remove the malware ads (eventually), the bad guys are always trying to get new ones in.

Next: How to Fix a Safari Hijack in iOS 11

3 thoughts on “Three Ways to Fix a Safari Browser Hijack in iOS 11

  • This didn’t help me at all, on my iPad. Still getting hijacked with regularity. What I mean is, even with JavaScript disabled, I get hijacked, bu at least can go back to the page. Problem is the sites where this is happening are useless without JavaScript. Amazed the hell out of me that I cannot blacklist sites in safari, or even chrome on iPad, I would need to use a wildcard as they change it but my tormenter begins with eu.*.out or something like that. Wild card in place of the field that changes each time. This is making browsing unusuable. One of the sites is huffingtonpost and they are basically unreachable anyway.

  • Sorry but this is just the ad network being weaponized. I will make a few repeat visits to sites where this happens and notify the site, but if it persists more than a couple of visits, that’s it, I’m blacklisting you. In general this is among the reasons “we can’t have nice things”, but that is the world we live in. If ad networks can’t fix this problem quickly, it will be the well-deserved end of them.

  • This happens to me at a few website that I regulalry visit. I will report to the webmaster who will investigate and 86 the ad, but a few days later the slimeball is at it again.

    Maybe the answer would be for website to not allow advertisers to use javascript in the ads, just a simple link. It would probably speed up the page load.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.