SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Apple iCloud users are the new bait in phishing campaigns
Wed, 15th Jun 2016

Apple iCloud users are the latest targets of phishing campaigns that use the same content across different domains, FireEye reports. Several phishing campaigns have targeted Apple users since January 2016, specifically going after Apple IDs and passwords.

Any Apple user who uses iCloud, iTunes or the App Store is vulnerable, as the Apple ID is the same for every device, be it iPhone, iPad, iPod Touch, Mac or Windows computer.

iCloud, which acts as a cloud syncing and sharing hub for contacts, documents, notes and photos across all Apple devices, also allows storage of passwords and credit card information.

According to FireEye, "Anyone with access to an Apple ID, password and some additional information, such as date of birth and device screen lock code, can completely take over the device and use the credit card information to impersonate the user and make purchases via the Apple Store."

FireEye says the malicious phishing domains resemble legitimate domains and have been used in attacks against iCloud users in the UK and China. The attackers are sending the same content through different domains to target Apple users.

The two main campaigns reported by FireEye labs are:

1. The Zycode phishing campaign, which targets Apple's Chinese customers through a password variable in the JavaScript code. In addition, phishing domains used in campaigns are neither registered nor pointing to Apple infrastructure.

2. A targeted phishing campaign against UK Apple users reveals a number of domains that serve the same phishing content. "A simple HTTP GET (via the wget utility) to the domain's page reveals HTML code containing a meta-refresh redirection to the signin.php page," the FireEye blog says.
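
A defender-side check for the pattern described above, as an added example that is not from the article or from FireEye: it parses fetched HTML for a meta-refresh tag and flags redirects to a sign-in page on a host that uses Apple brand words but is not under an Apple domain. The domain allowlist, the brand-word list and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Assumption: domains treated as Apple-owned for this check.
APPLE_DOMAINS = ("apple.com", "icloud.com")
# Assumption: brand words that make a non-Apple hostname a lookalike.
BRAND_WORDS = ("apple", "icloud", "itunes")


class MetaRefreshParser(HTMLParser):
    """Collects the URL of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=signin.php"; the url part is optional
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())


def is_apple_host(host):
    return any(host == d or host.endswith("." + d) for d in APPLE_DOMAINS)


def check_page(page_url, html):
    """Return meta-refresh destinations that look like off-domain Apple sign-in pages."""
    parser = MetaRefreshParser()
    parser.feed(html)
    findings = []
    for target in parser.targets:
        dest = urljoin(page_url, target)  # resolve relative targets
        parts = urlparse(dest)
        host = (parts.hostname or "").lower()
        signin = re.search(r"sign-?in|login", parts.path, re.I) is not None
        lookalike = any(word in host for word in BRAND_WORDS)
        if signin and lookalike and not is_apple_host(host):
            findings.append(dest)
    return findings


# Constructed sample input (not a real indicator): lookalike host under .invalid
SAMPLE = '<html><head><meta http-equiv="refresh" content="0; url=signin.php"></head></html>'
print(check_page("http://icloud-support.example.invalid/", SAMPLE))
```
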