Friday, 29 March 2024 04:39

iMessage security warning for iPhone users in 100 counties

Rate this item
(0 votes)

Some security exploits never die, and others seemingly cannot be killed. When a threat is named after a legendary vampire perhaps we should have expected it to come back from the dead. The real surprise, as security researchers raise the alarm over the Darcula phishing-as-a-service exploit resurfacing, and targeting 100 countries using more than 20,000 registered brand domains to help quench its thirst for iPhone user credential theft, is the way it evades Apple security measures. Here’s what you need to know.

Darcula Rises From The Dead To Suck Credentials From iPhone Users

First spotted in the wild last year by security researcher Oshri Kalfon in July 2023, Darcula has resurfaced and Netcraft’s Harry Everett has issued a new warning to all iPhone users to be onboard the lookout for the bloodthirsty iMessage threat.

Everett describes Darcula as a “new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns.” The phishing domains in question relate to brands across numerous market sectors and target more than 100 different countries. At least 200 templates exist for would-be attackers to use the Darcula exploit, with postal services, including the United States Postal Service, being among the most popular. Other templates concentrate on institutions and brands that are trusted by consumers worldwide, including utilities, banks, government bodies such as taxation as well as airlines. The Netcraft report reveals that an average of 120 new domains have been hosting Darcula phishing pages every day this year. It certainly looks like the criminal operators behind the campaign have been busy.

Leveraging Trust By Using The Secure iMessage Platform

All phishing schemes look to leverage trust from the victim, and Darcula is no different. This is one reason why it has opted not to focus on sending messages with malicious links to those spoofed brand domains by SMS. There has simply been too much publicity about SMS scams, and the public is generally wary about responding to the “you have a parcel for a delivery” type of bait used. Instead, Darcula is distributed using iMessage on the iPhone and RCS on Android. The reasoning behind this is that iMessage is regarded as a more secure messaging medium than SMS, and for good reason: it was designed to be precisely that.

The end-to-end encryption employed in iMessage is great for user privacy, but it also enables attackers such as the Darcula criminals to bypass security filtering as the content of the messages cannot be analyzed by the network operators. This leaves “Apple’s on-device spam detection and third-party spam filter apps as the primary line of defense preventing these messages from reaching victims,” Netcraft warns.

How Darcula Evades Apple Security Measures For iMessage Users

Darcula even gets around Apple security measures such as requiring that links in an iMessage can only be clicked if you’ve already replied to the account sending it. “To evade this,” Everett says, “one of the templates created by criminals using Darcula is sent to Apple users with a ‘Please reply to Y’ or ‘Please reply to 1’ message.” Once users have replied, the malicious links are then clickable, and the victim will be redirected to the credential-stealing website operated by the criminals.

How To Defend Yourself Against The Darcula Threat

Because the Darcula phishing pages are very well put together, without the usual spelling mistakes or grammatical errors associated with such campaigns of old, use the local language of the country in question and are convincing copies of the brand being spoofed, it sits with users to be extra vigilant from the get-go. This means you need to be on the lookout for messages that appear to be too good to be true. Even if you are expecting notification concerning a parcel delivery, as this is the most common ruse used by Darcula, be alert to where that message is coming from and take special care to look for unusual domains, such as .top for example, and misspellings or hyphens in the brand name. ”If you’re expecting a message from an organization, navigate to their official website and avoid following links,” Everett advises.

An Apple spokesperson suggested concerned users refer to the Recognize and avoid phishing messages, phony support calls, and other scamssupport posting.

 

Forbes

April 19, 2024

Dangote Refinery announced disruptive price of N1,000 per litre of diesel. Here’s what made that…

S&P Global has revealed that the Dangote refinery's relaxed quality standards for diesel have resulted…
April 12, 2024

At cost totaling the 2024 budgets of the 36 states plus FCT, Lagos-Calabar project is…

Presidential candidate of the Peoples Democratic Party (PDP) in the 2023 election, Atiku Abubakar, has…
April 20, 2024

Experts are worried students use AI to write papers

We may earn a commission from links on this page. Millions of students are using…
April 13, 2024

A new camera can undress people almost in real time—to send a message about AI

Nuca, a new deepfake camera, is an art project that shows how artificial intelligence can…
April 20, 2024

Gunmen strike again in Plateau, kill university student, 14 others

Tragedy struck in Plateau State on Thursday as armed assailants unleashed violence in two communities,…
April 20, 2024

What to know after Day 786 of Russia-Ukraine war

WESTERN PERSPECTIVE Ukraine downs Russian strategic bomber after airstrike kills eight, Kyiv says Ukraine shot…
April 15, 2024

Winning funding proposals written by generative AI: Should that matter to you?

Generative AI is getting better every day. We now have ChatGPT4, Claude 3, Gemini, Perplexity,…
April 10, 2024

Nigeria’s Super Falcons qualify for 2024 Olympics at South Africa’s expense

Super Falcons of Nigeria have qualified for the women’s football event of the 2024 Olympics…

NEWSSCROLL TEAM: 'Sina Kawonise: Publisher/Editor-in-Chief; Prof Wale Are Olaitan: Editorial Consultant; Femi Kawonise: Head, Production & Administration; Afolabi Ajibola: IT Manager;
Contact Us: [email protected] Tel/WhatsApp: +234 811 395 4049

Copyright © 2015 - 2024 NewsScroll. All rights reserved.