According to researchers, crooks have been hacking the iCloud accounts of North American Apple users and then using them to send spam SMS messages to Chinese mobile users.
To mislead victims, the text messages are crafted to advertise imitations of Prada and Coach handbags, and the experts say that this spamming campaign is, by all means, strange.
“This spam campaign has been on-going for several months, but in many cases does not match the standard method of sending SMS abuse in that it is persistent, widely distributed, and the senders are, as far as we could determine, predominately iPhone users that did not exhibit prior spamming behavior.” – researchers from AdaptiveMobile said – “The timing of when the messages were sent was erratic, but the recurrent nature of the pattern triggered our deeper investigation.”
The attackers are trying very hard to stay under the radar, but some of the victims whose accounts were abused noticed that something was not right when they started getting Chinese responses as well as much higher phone bills to pay.
Researchers say that the spammers are relying on the “Send as SMS” service.
“The Send as SMS is a fall-back method in case the iMessages can’t be delivered through a data link. After a certain timeout period of unsuccessful attempts, the messages are converted into text messages and sent from an iPhone with this option enabled that is associated with the same account.” – the researchers explained.
The security experts assume that the attackers are able to compromise iCloud accounts either by phishing attacks or by testing out leaked credentials from breaches. When they manage to log in to an account, they pair it with a new device, ready to send the spam texts.
Even though the actual owner of the iCloud account will be notified that another device is using their phone number and Apple ID, most of these notifications are ignored. However, the researchers have found at least 3,200 users who paid attention to the warning. As it turned out, the crooks had used their iPhones to send more than 280,000 spam SMS messages in two months.
The right thing to do if you get a notification like that is to sign in to your iCloud account and change your password. Then, don’t forget to sign out any other device that has been linked to the compromised account. Also, enabling two-factor authentication as one more account protection layer can only help.
Although for the moment the attackers prefer to compromise North American users, as their mobile phone numbers look very similar to Chinese ones, they can decide to break this limitation at any time.
“There is strong evidence to suggest that other geographies have been infected as well, as users in other parts of the world have also reported this.” – the researchers added.
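
The sending pattern the researchers describe (accounts with no prior spamming behavior that start sending persistently to many Chinese numbers) can be turned into a simple operator-side check. This is an added example, not code from the article or from AdaptiveMobile; the record layout, phone numbers, dates and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

CHINA_PREFIX = "+86"         # country calling code for China
CUTOFF = date(2024, 2, 1)    # constructed split: baseline before, review window after

# Constructed SMS records: (sender, recipient in E.164 form, day sent).
A, B, C, D = "+12025550101", "+12025550102", "+12025550103", "+12025550104"
SAMPLE = [
    (A, "+12025550199", date(2024, 1, 10)),    # A: only domestic texts in baseline
    (B, "+8613800000001", date(2024, 1, 12)),  # B: existing contact in China
    (A, "+8613800000011", date(2024, 2, 3)),
    (A, "+8613800000012", date(2024, 2, 3)),
    (A, "+8613800000013", date(2024, 2, 5)),
    (A, "+8613800000014", date(2024, 2, 9)),
    (B, "+8613800000001", date(2024, 2, 4)),
    (B, "+8613800000002", date(2024, 2, 5)),
    (B, "+8613800000003", date(2024, 2, 6)),
    (C, "+8613800000021", date(2024, 2, 6)),   # C: a single message
    (D, "+8613800000031", date(2024, 2, 7)),   # D: one burst on one day
    (D, "+8613800000032", date(2024, 2, 7)),
    (D, "+8613800000033", date(2024, 2, 7)),
]

def flag_senders(records, cutoff, min_recipients=3, min_days=2):
    """Return senders with no China-bound SMS before `cutoff` that afterwards
    reach at least `min_recipients` distinct +86 numbers on `min_days` days."""
    had_prior = set()               # senders with China-bound SMS in the baseline
    recipients = defaultdict(set)   # sender -> distinct +86 recipients after cutoff
    active_days = defaultdict(set)  # sender -> days with +86 traffic after cutoff
    for sender, recipient, day in records:
        if not recipient.startswith(CHINA_PREFIX):
            continue
        if day < cutoff:
            had_prior.add(sender)
        else:
            recipients[sender].add(recipient)
            active_days[sender].add(day)
    return sorted(
        s for s in recipients
        if s not in had_prior
        and len(recipients[s]) >= min_recipients
        and len(active_days[s]) >= min_days
    )

if __name__ == "__main__":
    print(flag_senders(SAMPLE, CUTOFF))
```

Requiring activity on several days reflects the recurrent, persistent sending the researchers mention, while the baseline check keeps users who already text contacts in China out of the results.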