Phishing Campaign Builds on iCloud Fears to Snag Log-in Credentials
Days after compromising photos of celebrities were leaked online, cyber-criminals are using fake security alerts from Apple to fool users into giving up their user names and passwords.The Kelihos botnet, which has survived three shutdown attempts, has begun sending out phishing messages that aim to exploit consumer concerns over the recent leak of information from Apple's iCloud service, according to security firm Symantec. The phishing campaign consists of email messages purporting to be from Apple and asking the targeted victim to authorize a fake iTunes Store transaction, Symantec stated in an analysis published on Sept. 5. The email claims that the transaction was initiated from an Internet address located in Volgograd, Russia. "It is possible that the timing of the campaign is not a coincidence and the controllers of the botnet are attempting to exploit public fears about the security of Apple IDs to lure people into surrendering their credentials," Symantec said. "However, this is by no means the first time that attackers have targeted Apple IDs in this fashion." Indeed, the Kelihos phishing operation follows another attempt to gather credentials by Dyre, a banking Trojan. The group behind that program has begun targeting user names and passwords of Salesforce.com users, according to an advisory posted by the company on Sept. 3. Salesforce is a cloud sales management service holding significant amounts of information on businesses' customers.
It's currently not known why bot masters are targeting users' credentials. While criminals could steal and sell corporate data—or celebrities' private images and documents—most users' data is only valuable to the owner.