Prevent Spam Downloads on Safari

Wouldn't this be a good case for a Safari content blocker / javascript blocker that's selective?

Ghostery might be a good place to start on the Mac to see if you can use pre-built rules to quash cross-site scripting / ad injection of code into web pages. Of course, if the page is serving up that content directly you'll need to disable javascript on that page entirely or take note and just block those sites that crap up your experience intentionally or due to selling off ad injection to anyone with the means to afford this scare ware and scam ware.

If you wanted to be more precise - GreaseMonkey type user scrips could combat this with enough JS knowledge on your part (or finding someone that wrote the script to block today's iteration of this malware).

  • https://tampermonkey.net/?browser=safari
  • https://www.greasespot.net

Edited By @JBis

The following userscript was successfully in blocking the page.

     // ==UserScript==
     // @name         The Bomb Squad
     // @version      0.1
     // @description  Blocks the pages containing any function with the bomb_ch function detailed in https://apple.stackexchange.com/questions/329594/prevent-spam-downloads-on-safari and https://blog.malwarebytes.com/malwarebytes-news/2018/02/tech-support-scammers-find-new-way-jam-google-chrome/
     // @author       Josh Brown (@JBis https://apple.stackexchange.com/users/263848/jbis)
     // @match        *
     // @grant        none

    // ==/UserScript==

   if (typeof bomb_ch === "function") {
     document.getElementsByTagName("body")[0].innerHTML="<h1>Page Defused by The Bomb Squad</h1><p>Because it contatained the following
 function(s):  <pre>bomb_ch()</pre> <br>";
    }

Note: Sp(c)ammers can easily bypass this by randomizing the bomb_ch() function.

Newer OS versions of Safari might help cut this down a bit, but there's money to be made by people that deliver this load of crap to your Mac so they'll likely adapt to any technologies that try to make it easy to block. Unless you're willing to spend more money supporting a business that maintains a library of settings that can "whack-a-mole" and adapt faster than the charlatans can cook up new code in their boiler room.

You'll also have to decide if the web sites that do this are also charlatans that are part of the con since they should know this is happening to you, one of the visitors they host.


While there many capable ad blockers for Safari, there are far fewer choices for wider-spectrum, extension-based content-blockers. Of those, only two stand out: Ghostery and uBlockOrigin [information link: https://github.com/gorhill/uBlock download link: https://safari-extensions.apple.com/?q=ublock%20origin.

EDIT: Don't confuse uBlock Origin with the very similarly named uBlock,. The two products are substantially different in ability and reputation.

Can they do what you want and prevent the download bombing your friends experienced? Yes, with the distinction that Ghostery would need some rules customization where uBlockOrigin is set to do it as the default.

I happen to know uBlockOrigin blocked this particular exploit one month before the Malwarebytes announcement in your "More info" link. I don't know about Ghostery's timeline.

I would recommend you give them both a trial.