Friday, 29 March 2024 04:39

iMessage security warning for iPhone users in 100 countries


Some security threats never die, and others seemingly cannot be killed. When a threat is named after a legendary vampire, perhaps we should have expected it to come back from the dead. As security researchers raise the alarm over the Darcula phishing-as-a-service platform resurfacing, targeting users in more than 100 countries and using more than 20,000 brand-impersonating domains to quench its thirst for iPhone user credentials, the real surprise is the way it sidesteps Apple’s security measures. Here’s what you need to know.

Darcula Rises From The Dead To Suck Credentials From iPhone Users

First spotted in the wild by security researcher Oshri Kalfon in July 2023, Darcula has resurfaced, and Netcraft’s Harry Everett has issued a new warning to iPhone users to be on the lookout for the bloodthirsty iMessage threat.

Everett describes Darcula as a “new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns.” The phishing domains in question impersonate brands across numerous market sectors and target more than 100 countries. At least 200 templates exist for would-be attackers using the Darcula platform, with postal services, including the United States Postal Service, among the most popular. Other templates impersonate institutions and brands that consumers worldwide trust, including utilities, banks, government bodies such as tax authorities, and airlines. The Netcraft report reveals that an average of 120 new domains have hosted Darcula phishing pages every day this year. The criminal operators behind the campaign have clearly been busy.

Leveraging Trust By Using The Secure iMessage Platform

All phishing schemes seek to exploit the victim’s trust, and Darcula is no different. This is one reason it has opted not to focus on delivering links to those spoofed brand domains by SMS: there has been so much publicity about SMS scams that the public is generally wary of the “you have a parcel for delivery” bait they use. Instead, Darcula delivers its messages over iMessage on the iPhone and RCS on Android. The reasoning is that iMessage is regarded as a more secure messaging medium than SMS, and for good reason: it was designed to be precisely that.

The end-to-end encryption employed in iMessage is great for user privacy, but it also lets the Darcula criminals bypass network-level security filtering, because carriers cannot inspect the content of encrypted messages. That is a property of end-to-end encryption rather than a flaw in it, but it leaves “Apple’s on-device spam detection and third-party spam filter apps as the primary line of defense preventing these messages from reaching victims,” Netcraft warns.

How Darcula Evades Apple Security Measures For iMessage Users

Darcula even gets around Apple’s safeguard that links in an iMessage from an unknown sender are not clickable until you have replied to that sender. “To evade this,” Everett says, “one of the templates created by criminals using Darcula is sent to Apple users with a ‘Please reply to Y’ or ‘Please reply to 1’ message.” Once the user has replied, the links become clickable and the victim is sent to the credential-stealing website operated by the criminals.

How To Defend Yourself Against The Darcula Threat

Because the Darcula phishing pages are very well put together, without the spelling mistakes or grammatical errors associated with campaigns of old, are written in the local language of the targeted country and are convincing copies of the brand being spoofed, the burden falls on users to be vigilant from the start. Be suspicious of messages that seem too good to be true. Even if you are expecting a notification about a parcel delivery, the most common ruse Darcula uses, check where the message is coming from and look closely at the link: an unusual top-level domain such as .top, a misspelled brand name, or hyphens inserted into the brand name are all warning signs. Be wary, too, of a message that asks for a trivial reply before you can do anything, since replying is what makes the link clickable. “If you’re expecting a message from an organization, navigate to their official website and avoid following links,” Everett advises.
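The checks described in this section (an unusual top-level domain such as .top, hyphens or a misspelling in the brand name, and the brand name appearing as a subdomain of an unrelated domain) and the “please reply” bait from the previous section, turned into a small message filter. This is an added Python example, not code from the original article or from Netcraft. The brand allow-list, the suspicious TLDs other than .top, the sample messages and all function names are constructed for illustration; the two-label “registrable domain” shortcut is a simplification, and a real filter would use the public-suffix list.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not taken from the Netcraft report).
SAMPLE_MESSAGES = [
    "USPS: your parcel is held pending a redelivery fee. Please reply to Y "
    "then visit https://usps-delivery.top/track",
    "Your order shipped. Track it at https://tools.usps.com/go/TrackConfirmAction",
    "Tax refund ready: https://irs.gov.refund-portal.top/claim",
    "FedEx package update: https://fedexx.com/pkg",
]

# Hypothetical allow-list: brand name -> registrable domains it really uses.
KNOWN_BRANDS = {
    "usps": {"usps.com"},
    "irs": {"irs.gov"},
    "fedex": {"fedex.com"},
}

# .top comes from the article; the other TLDs are assumptions for the example.
SUSPICIOUS_TLDS = {"top", "xyz", "icu", "cfd", "buzz"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# "Please reply to Y" / "reply with 1": a trivial reply that unlocks links
# from an unknown iMessage sender.
REPLY_BAIT_RE = re.compile(
    r"\breply\s+(?:to|with)\s+['\"]?[A-Za-z0-9]{1,2}['\"]?\b", re.IGNORECASE
)


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (example.com).
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character brand misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_indicators(url: str, brands=KNOWN_BRANDS) -> list[str]:
    """Return the reasons a URL looks like a brand lookalike; empty if none."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return ["unparseable host"]
    reg = registrable_domain(host)
    if reg in set().union(*brands.values()):
        return []  # the brand's own registrable domain: nothing to flag
    sld, _, tld = reg.rpartition(".")
    labels = host.split(".")
    reasons = []
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"unusual TLD .{tld}")
    for brand in brands:
        if "-" in sld and brand in sld.split("-"):
            reasons.append(f"hyphenated brand name '{sld}' (brand {brand})")
        elif brand in labels[:-2]:
            reasons.append(f"brand '{brand}' used as a subdomain of {reg}")
        elif sld != brand and edit_distance(sld, brand) == 1:
            reasons.append(f"'{sld}' is one character away from '{brand}'")
    return reasons


def scan_message(text: str, brands=KNOWN_BRANDS) -> dict[str, list[str]]:
    """Map each suspicious URL in a message to its indicators, plus a
    'reply-bait' entry when the message asks for a trivial reply."""
    findings = {}
    if REPLY_BAIT_RE.search(text):
        findings["reply-bait"] = ["asks for a trivial reply, which makes sender links clickable"]
    for url in URL_RE.findall(text):
        reasons = lookalike_indicators(url, brands)
        if reasons:
            findings[url] = reasons
    return findings


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg[:60] + "...", "->", scan_message(msg) or "no indicators")
```

Of the four constructed messages only the genuine tools.usps.com link comes back clean; the others are flagged for the .top domain with a hyphenated brand, for irs.gov used as a subdomain of an unrelated .top domain, and for the one-letter misspelling fedexx.com. The reply-bait check is deliberately separate from the URL checks because the message may carry no link at all until the victim has replied.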

An Apple spokesperson suggested that concerned users refer to the company’s support article “Recognize and avoid phishing messages, phony support calls, and other scams”.


Forbes
