Friday, December 6, 2024
HomePassword AttacksBeware!! Hackers Using New Tools to Break open Apple iCloud Accounts to...

Beware!! Hackers Using New Tools to Break open Apple iCloud Accounts to Unlock Stolen iPhone’s

Published on

SIEM as a Service

A New Phishing and scam tools are discovered that used by the cyber criminal to unlock the physically stolen iPhones by compromising the victim’s iCloud accounts through abusing the “find my iPhone” future.

Once iPhone user linked to an Apple ID with iCloud Account then the Device owner can lock the Phone if it gets lost or stolen using Apple’s Find My iPhone settings.

Last Year U.S alone more than 23,000 iPhones stolen case was reported that cost around $6.7 million and a large amount of physically stolen iPhone’s are shipped from Ireland and the U.K. to India, Argentina, and the U.S.

Hacking tools such as MagicApp, Applekit, and Find My iPhone (FMI.php) framework are mainly used by Apple iCloud phishers and used these tools to automatically unlock the iCloud accounts and later Resell it to a black market.
- Advertisement - SIEM as a Service

Also Read: Phishing and Keylogging Major Threats to Google Accounts Security

How Does Attackers Unlock Stolen iPhone’s 

The attacker is using a sophisticated phishing attack to unlock the phone via compromising the iCloud account to the victim who lost their iPhone by physical theft.

Initially, After activating find my iPhone future, soon after victim receives an SMS or Email which has some spoofed Information that comes from Apple that completely looks like a legitimate information.

Eger Victims will always click the Phishing Link that redirected to a webpage that looks like legitimate one that will ask an Apple ID or iCloud Account Credentials from Victims.

Attack chain

Once Victims Provide an information about iCloud or Apple ID, Attacker could gain the credential information and unlock their iPhone and delete the account which is linked to it.Now the iPhone will be unlocked and later it can sell it or reuse it.

Trend Micro discovered a GitHub Repository where some source code of one of the phishing pages and different tools for building iCloud phishing pages.
The phishing page is based on what cybercriminals call FMI.php (Find My iPhone framework) / Devjo class, a component present in many other phishing kits. It’s the closest tool cybercriminals have that resembles Apple’s Find My iPhone Application Program Interface (API).

A fake Apple verifier phishing script project on Github

Once users give away their Credential information to a phishing page, FMI.php framework used to retrieve the information such as the cell phone number, passcode length, ID, GPS location, whether the device is locked or not from iCloud.

This Framework aslo capable of automatically deletes the victim’s Apple account after it’s unlocked.

    Sample email received by Attacker with the victim’s Apple ID and password

Also, These Toolkits are actively advertising and selling via online as well as a black market with full tutorials of user Manual that guide you to how to use the kit to Unlock Stolen iPhone’s.

Some of iPhone unlocker Kits

AppleKit: iCloud Fraud as a Service
MagicApp: Automating iCloud Fraud
iUnlocker: MagicApp Affiliate

Tool Kit Futures

  • Email notifications to the attacker, which include the victim’s IP, HTTP referral, browser User-Agent, etc.
  • Access to the victim’s iCloud, enabling them to get device information, unlock it, or delete the device from the account
  • Anti-crawler and AV scanner capabilities, which are blocked by IP ranges
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...

New TLDs Such as .shop, .top and .xyz Leveraged by Phishers

Phishing attacks have surged nearly 40% in the year ending August 2024, with a...

New Phishing Attack Targeting Corporate Internet Banking Users

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users.This...