Cybersecurity professionals recently flagged Apple Store Online's 'Someone else picks it up' option during this year's annual hacking conference after scammers allegedly used it to steal over $400,000 in just two years.
The Financial Security Institute of South Korea's Gyuyeon Kim and Hyunho Cho claim that in September 2022, they and a colleague discovered a series of assaults against over 50 reputable online retailers, revealing significant data breaches.
The cybercriminals were reportedly able to modify the payment pages of these online retailers to avoid detection and send personal and credit card information to their servers along with legitimate ones.
(Photo: SEBASTIEN BOZON/AFP via Getty Images) This picture, taken on March 25, 2024, shows the Apple logo on a smartphone in Mulhouse, eastern France.
The crucial element is that Apple Stores permit designated third parties, or those who did not pay for the product but have been given permission by the buyer to take it home with identification and proof of purchase, to pick up online purchases.
Thus, the con artists used stolen credit cards to purchase iThings, designating the second-hand store shoppers as the authorized third party.
For instance, a used store may sell a $1,000 iPhone for $800. Using a credit card number they had taken during their phishing trip, the con artists would purchase the equipment and keep the $800 the buyer had spent at the thrift store.
Read Also: Australia vs. X: Social Media Platform Challenges Bishop Stabbing Content Takedown
China-Based Scammers
The research team named the Apple store scam "Poisoned Apple." Based on clues like purchasing a domain through a Chinese ISP, the researchers think the threat actors are based in China.
They also discovered text in simplified Chinese on the dark web linked to an email address that was inadvertently left behind in the source code.
When the researchers found a web server with software the thieves used to gather stolen data, they uncovered the operation.
Configuration problems revealed the perps' IP address, even though they were using Cloudflare's content delivery networks to conceal their operations behind several layers of IP addresses.
Apple Warns Against Malware Attacks
The 'Poisoned Apple' scheme follows a recent warning by the iPhone giant. In early April, Apple sent a concerning alert to iPhone customers in 92 countries, warning them of possible mercenary malware attacks.
The tech company raised concerns about targeted monitoring activities by sending the message to people worldwide. The corporation underscored the gravity of the circumstance, pointing out that the assault probably singles out specific people based on their identities or actions.
Apple has previously released similar cautions. Similar alerts have been sent to subscribers in more than 150 countries since 2021, suggesting a continuous and pervasive threat landscape.
It is reportedly impossible to overstate how sophisticated these attacks are. According to Apple, mercenary spyware attacks that use Pegasus from the NSO Group are much rarer and more refined than typical cybercrime or consumer malware.
NSO is an Israeli company specializing in remotely hacking iPhones and is well-known for its Pegasus spyware. In March, a US judge ruled in Meta's favor, directing NSO to give up its Pegasus code.
Pegasus is a spyware virus that may take over a mobile device, read messages from different apps, make calls, and steal private information.
These attacks, frequently linked to governmental entities or private enterprises, are resource-intensive and customized for particular targets.
Related Article: Frontier Communications Suffers Cyber Breach by Unknown Cybercrime Group
(Photo: Tech Times)
