Friday, 29 March 2024 04:39

iMessage security warning for iPhone users in 100 counties

Rate this item
(0 votes)

 

Some security exploits never die, and others seemingly cannot be killed. When a threat is named after a legendary vampire perhaps we should have expected it to come back from the dead. The real surprise, as security researchers raise the alarm over the Darcula phishing-as-a-service exploit resurfacing, and targeting 100 countries using more than 20,000 registered brand domains to help quench its thirst for iPhone user credential theft, is the way it evades Apple security measures. Here’s what you need to know.

Darcula Rises From The Dead To Suck Credentials From iPhone Users

First spotted in the wild last year by security researcher Oshri Kalfon in July 2023, Darcula has resurfaced and Netcraft’s Harry Everett has issued a new warning to all iPhone users to be onboard the lookout for the bloodthirsty iMessage threat.

Everett describes Darcula as a “new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns.” The phishing domains in question relate to brands across numerous market sectors and target more than 100 different countries. At least 200 templates exist for would-be attackers to use the Darcula exploit, with postal services, including the United States Postal Service, being among the most popular. Other templates concentrate on institutions and brands that are trusted by consumers worldwide, including utilities, banks, government bodies such as taxation as well as airlines. The Netcraft report reveals that an average of 120 new domains have been hosting Darcula phishing pages every day this year. It certainly looks like the criminal operators behind the campaign have been busy.

Leveraging Trust By Using The Secure iMessage Platform

All phishing schemes look to leverage trust from the victim, and Darcula is no different. This is one reason why it has opted not to focus on sending messages with malicious links to those spoofed brand domains by SMS. There has simply been too much publicity about SMS scams, and the public is generally wary about responding to the “you have a parcel for a delivery” type of bait used. Instead, Darcula is distributed using iMessage on the iPhone and RCS on Android. The reasoning behind this is that iMessage is regarded as a more secure messaging medium than SMS, and for good reason: it was designed to be precisely that.

The end-to-end encryption employed in iMessage is great for user privacy, but it also enables attackers such as the Darcula criminals to bypass security filtering as the content of the messages cannot be analyzed by the network operators. This leaves “Apple’s on-device spam detection and third-party spam filter apps as the primary line of defense preventing these messages from reaching victims,” Netcraft warns.

How Darcula Evades Apple Security Measures For iMessage Users

Darcula even gets around Apple security measures such as requiring that links in an iMessage can only be clicked if you’ve already replied to the account sending it. “To evade this,” Everett says, “one of the templates created by criminals using Darcula is sent to Apple users with a ‘Please reply to Y’ or ‘Please reply to 1’ message.” Once users have replied, the malicious links are then clickable, and the victim will be redirected to the credential-stealing website operated by the criminals.

How To Defend Yourself Against The Darcula Threat

Because the Darcula phishing pages are very well put together, without the usual spelling mistakes or grammatical errors associated with such campaigns of old, use the local language of the country in question and are convincing copies of the brand being spoofed, it sits with users to be extra vigilant from the get-go. This means you need to be on the lookout for messages that appear to be too good to be true. Even if you are expecting notification concerning a parcel delivery, as this is the most common ruse used by Darcula, be alert to where that message is coming from and take special care to look for unusual domains, such as .top for example, and misspellings or hyphens in the brand name. ”If you’re expecting a message from an organization, navigate to their official website and avoid following links,” Everett advises.

An Apple spokesperson suggested concerned users refer to the Recognize and avoid phishing messages, phony support calls, and other scamssupport posting.

 

Forbes

December 29, 2024

Elon Musk’s Starlink announces price increase for Nigerian subscribers

Starlink, Elon Musk's satellite internet service provider, has announced plans to raise its subscription prices…
December 27, 2024

Bauchi governor accuses Tinubu of anti-North policies, warns of backlash

Bauchi State Governor Bala Mohammed has criticized President Bola Tinubu’s tax reform policies, calling them…
December 30, 2024

As prices of vegetable oil hit the roof, Nigerians use this kitchen gadget as alternative

It seems the high cost of vegetable oil has done what no culinary innovation could—turn…
December 29, 2024

Missing dog returns home on Christmas Eve, rings doorbell

Athena disappeared from her Florida home on Dec. 15 and had her family worried they…
December 27, 2024

Christmas Day attack on Benue community claims 11 lives

At least 11 people have been reportedly killed in Tor Azege community in Kwande Local…
December 30, 2024

Here’s the latest as Israel-Hamas war enters Day 451

Gaza captors tortured hostages, including minors, Israeli report says Hostages held in Gaza were subjected…
December 25, 2024

Stem cell therapy to correct heart failure in children could 'transform lives'

Renowned visionary English physician William Harvey wrote in 1651 about how our blood contains all…
December 17, 2024

Ademola Lookman named 2024 CAF Men’s Player of the year. These players won in other…

Ademola Lookman, the Super Eagles winger, was crowned the 2024 CAF Men’s Player of the…

NEWSSCROLL TEAM: 'Sina Kawonise: Publisher/Editor-in-Chief; Prof Wale Are Olaitan: Editorial Consultant; Femi Kawonise: Head, Production & Administration; Afolabi Ajibola: IT Manager;
Contact Us: [email protected] Tel/WhatsApp: +234 811 395 4049

Copyright © 2015 - 2024 NewsScroll. All rights reserved.