Friday, 29 March 2024 04:39

iMessage security warning for iPhone users in 100 countries



Some security exploits never die, and others seemingly cannot be killed. When a threat is named after a legendary vampire perhaps we should have expected it to come back from the dead. The real surprise, as security researchers raise the alarm over the Darcula phishing-as-a-service exploit resurfacing, and targeting 100 countries using more than 20,000 registered brand domains to help quench its thirst for iPhone user credential theft, is the way it evades Apple security measures. Here’s what you need to know.

Darcula Rises From The Dead To Suck Credentials From iPhone Users

First spotted in the wild in July 2023 by security researcher Oshri Kalfon, Darcula has resurfaced, and Netcraft’s Harry Everett has issued a new warning to all iPhone users to be on the lookout for the bloodthirsty iMessage threat.

Everett describes Darcula as a “new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns.” The phishing domains in question relate to brands across numerous market sectors and target more than 100 different countries. At least 200 templates exist for would-be attackers to use the Darcula exploit, with postal services, including the United States Postal Service, being among the most popular. Other templates concentrate on institutions and brands that are trusted by consumers worldwide, including utilities, banks, airlines and government bodies such as tax authorities. The Netcraft report reveals that an average of 120 new domains have been hosting Darcula phishing pages every day this year. It certainly looks like the criminal operators behind the campaign have been busy.

Leveraging Trust By Using The Secure iMessage Platform

All phishing schemes look to leverage trust from the victim, and Darcula is no different. This is one reason why it has opted not to focus on sending messages with malicious links to those spoofed brand domains by SMS. There has simply been too much publicity about SMS scams, and the public is generally wary about responding to the “you have a parcel for a delivery” type of bait used. Instead, Darcula is distributed using iMessage on the iPhone and RCS on Android. The reasoning behind this is that iMessage is regarded as a more secure messaging medium than SMS, and for good reason: it was designed to be precisely that.

The end-to-end encryption employed in iMessage is great for user privacy, but it also enables attackers such as the Darcula criminals to bypass security filtering as the content of the messages cannot be analyzed by the network operators. This leaves “Apple’s on-device spam detection and third-party spam filter apps as the primary line of defense preventing these messages from reaching victims,” Netcraft warns.

How Darcula Evades Apple Security Measures For iMessage Users

Darcula even gets around Apple security measures such as requiring that links in an iMessage can only be clicked if you’ve already replied to the account sending it. “To evade this,” Everett says, “one of the templates created by criminals using Darcula is sent to Apple users with a ‘Please reply to Y’ or ‘Please reply to 1’ message.” Once users have replied, the malicious links are then clickable, and the victim will be redirected to the credential-stealing website operated by the criminals.

How To Defend Yourself Against The Darcula Threat

Because the Darcula phishing pages are very well put together, without the usual spelling mistakes or grammatical errors associated with such campaigns of old, use the local language of the country in question, and are convincing copies of the brand being spoofed, it falls to users to be extra vigilant from the get-go. This means you need to be on the lookout for messages that appear to be too good to be true. Even if you are expecting a notification concerning a parcel delivery, as this is the most common ruse used by Darcula, be alert to where that message is coming from and take special care to look for unusual domains, such as .top for example, and misspellings or hyphens in the brand name. “If you’re expecting a message from an organization, navigate to their official website and avoid following links,” Everett advises.
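For readers who filter or triage reported messages, the indicators above (the "reply to Y" or "reply to 1" bait, unusual domains such as .top, and misspelled or hyphenated brand names) can be checked mechanically. The following is an added example, not code from Netcraft or from this article; the allow-list, function names and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list (assumption): brand keyword -> domains the brand really uses.
OFFICIAL = {"usps": {"usps.com"}, "examplebank": {"examplebank.example"}}
WATCH_TLDS = {"top"}  # the article cites .top as an unusual domain to watch for
# The "Please reply to Y" / "Please reply to 1" bait that makes links tappable.
REPLY_BAIT = re.compile(r"\breply\s+(?:to\s+)?(?:y|1)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages, not captured from a real campaign.
SAMPLES = [
    "USPS: your parcel is on hold. Please reply to Y, then reopen this "
    "message and visit https://usps-redelivery.top/track",
    "Your statement is ready at https://www.examplebank.example/login",
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character brand misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_findings(host):
    """Return sorted indicator names for one hostname ([] if nothing stands out)."""
    host = (host or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for ds in OFFICIAL.values() for d in ds):
        return []  # the brand's own domain or a subdomain of it
    labels, found = host.split("."), set()
    if labels[-1] in WATCH_TLDS:
        found.add("unusual-tld")
    for label in labels[:-1]:
        for token in label.split("-"):
            for brand in OFFICIAL:
                if brand in token:
                    found.add("brand-on-unofficial-domain")
                    if "-" in label:
                        found.add("hyphenated-brand")
                # Fuzzy match only for longer names; short ones collide too easily.
                elif len(brand) >= 6 and edit_distance(token, brand) == 1:
                    found.add("brand-misspelling")
    return sorted(found)

def analyze_message(text):
    """Report reply-bait wording and per-link indicators for one message."""
    links = {u: host_findings(urlparse(u).hostname) for u in URL_RE.findall(text)}
    return {"reply_bait": bool(REPLY_BAIT.search(text)), "links": links,
            "suspicious": any(links.values())}
```

Reply-bait wording is reported separately from the link findings because legitimate opt-in messages also ask for a "Y" reply; it is the combination with a flagged link that matches the pattern described here.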

An Apple spokesperson suggested concerned users refer to the “Recognize and avoid phishing messages, phony support calls, and other scams” support posting.




Copyright © 2015 - 2024 NewsScroll. All rights reserved.