Cybersecurity experts at this year's annual hacking conference recently warned about the Apple Store Online's “Someone Else Pick It Up” option, after scammers used it to steal more than $400,000 in just two years.
In September 2022, Kim Gyu-young and Cho Hyun-ho of the Korea Financial Security Institute, together with colleagues, reportedly discovered a series of attacks against over 50 reputable online retailers, revealing a major data breach.
However, further investigation revealed that the attackers were looking to do more than quickly steal user data.
According to reports, the cybercriminals altered the payment pages of these online retailers so that personal and credit card information was sent to the attackers' servers in addition to the legitimate servers, which helped them avoid detection.
The key element is that the Apple Store lets a designated third party, someone who did not pay for the product but was given permission by the purchaser, pick up an online purchase by presenting identification and proof of purchase.
The scammers therefore used stolen credit cards to purchase iThings and designated the second-hand store shopper as the authorized third party.
For example, a $1,000 iPhone might be listed for $800 at a second-hand store. The scammers purchased the device using credit card numbers obtained through phishing and kept the $800 the buyer paid at the second-hand store.
Scammers based in China
The research team named this Apple Store scam “Poisoned Apple.” Researchers believe the attacker is based in China, based on clues such as the domain being purchased through an ISP in China.
Simplified Chinese text was also discovered on the dark web linked to an email address accidentally left in the source code.
Researchers found a web server hosting software the thieves used to collect stolen data, and uncovered their activities.
A configuration issue revealed the culprit's IP address, even though the culprit used the Cloudflare content delivery network to hide its activities behind multiple layers of IP addresses.
Apple warns against malware attack
The “Poisoned Apple” scheme follows recent warnings from the iPhone giant. In early April, Apple sent a worrying alert to iPhone customers in 92 countries, warning them of a possible mercenary malware attack.
The technology company expressed concerns about targeted surveillance efforts by sending a message to people around the world. The company emphasized the gravity of the situation, noting that the attack likely singled out certain people based on their identity or behavior.
Apple has issued similar warnings before. Similar alerts have been sent to its users in more than 150 countries since 2021, suggesting the threat is persistent and pervasive.
It is reportedly impossible to overstate how sophisticated these attacks are. According to Apple, mercenary spyware attacks using NSO Group's Pegasus are much rarer and more sophisticated than typical cybercrime or consumer malware.
NSO is an Israeli company that specializes in remote iPhone hacking and is best known for its Pegasus spyware. In March, a US judge ruled in Meta's favor and directed NSO to abandon the Pegasus code.
Pegasus is spyware that can take over a mobile device, read messages from various apps, make phone calls, and steal personal information.
These attacks are often associated with government agencies or private companies, are resource-intensive, and are customized to specific targets.
ⓒ 2024 TECHTIMES.com All rights reserved. Please do not reproduce without permission.