- SlowMist flags malicious phishing program on Apple devices, leading to 1.6M yuan theft.
- Phishing scheme bypasses Apple’s 2FA, granting full access to user accounts.
- Malicious app imitates legitimate ones on App Store to steal Apple ID credentials.
Blockchain security firm SlowMist has flagged a dangerous phishing program lurking within an app on Apple devices that resulted in the theft of 1.6 million Chinese yuan. The malicious scheme, capable of bypassing Apple’s two-factor authentication (2FA), allowed the hacker to gain full access to the user’s account and carry out unauthorized transactions.
The alarming discovery came to light when a distressed user took to V2EX, a popular Chinese online forum known for its tech-savvy community, to seek help and warn others about the phishing attack. The user, whose family’s Apple ID was fortified with 2FA, was still victimized, raising serious concerns about the security of Apple’s authentication measures.
The phishing program operates by imitating legitimate applications on the App Store. Once downloaded, the app prompts users to log in with their Apple ID, presenting an innocuous-looking password input box. Unbeknownst to the users, at this point the attackers stealthily acquire their Apple ID credentials.
The devious tactic continues as the scammer adds their own phone number to the list of trusted numbers for the victim’s 2FA, granting them unfettered access to the account. Instead of immediately exploiting the Apple ID, the hacker cunningly created a Family Sharing setup and used another account to purchase virtual goods within the app, thereby evading suspicion.
SlowMist specifically stated, “This is a very clever phishing method to bypass Apple’s 2FA!” The firm’s experts further warned Apple users, particularly those involved in cryptocurrencies, who rely on iCloud backup as their asset storage solution. In the event of an attack, such users could suffer devastating financial losses due to the compromised iCloud backup.
In recent years, there have been numerous reported cases of smartphone hacking and discussions about illegal data-collecting practices on smartphone apps in the country. Studies have found that high-end Android devices sold in China come with pre-installed spyware, putting users’ privacy at risk.
Another known case came to light when a Chinese e-commerce giant, Pinduoduo, was accused of using invasive malware, potentially monitoring users’ activities. Researchers from NordVPN have also revealed a new hacking method called GhostTouch, which allows cybercriminals to unlock certain smartphones from a distance without installing malware.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.