Old Aug 9, 2013, 09:46 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Malicious Apple Store Gift Card Scam Emails Target Users with Malware




Security researchers from Webroot have revealed a malicious email campaign attempting to trick users into thinking they've received a $200 Apple Store Gift Card. But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.

Specifically, when the user clicks on a hyperlink within the email or opens an attachment, a malicious Java-based exploit installs itself onto the computer. The exploit is then used to steal data from the personal computer, opening up the user to the possibility of identity theft and other cyber-crimes.
Quote:
A currently ongoing malicious spam campaign is attempting to trick users into thinking that they've successfully received a legitimate 'Gift Card' worth $200. What's particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails.
Earlier this year, a phishing effort compromised over 100 sites in an attempt to gain access to users' Apple ID accounts. Last month, researchers from various security firms uncovered a trojan known as Janicab.A that used a special Unicode character to initiate email malware attacks. Apple has also regularly dealt with Java-related vulnerabilities by deploying updates for OS X and introduced Gatekeeper in OS X Mountain Lion to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.

Article Link: Malicious Apple Store Gift Card Scam Emails Target Users with Malware
MacRumors is offline   0 Reply With Quote
Old Aug 9, 2013, 09:48 AM   #2
SandboxGeneral
Moderator
 
 
Join Date: Sep 2010
Location: The New World
There's no red flags in that email! haha
__________________
"Gee, I've been on this diet only ten minutes and I've already lost something, my sense of humor."
••• SandboxGeneral.com •••
SandboxGeneral is offline   3 Reply With Quote
Old Aug 9, 2013, 09:52 AM   #3
keysofanxiety
macrumors 65816
 
 
Join Date: Nov 2011
Location: In a house that defies physics by being colder than absolute zero.
Quote:
Originally Posted by MacRumors View Post
But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.
Windows machines? Compromised?

I'll never believe it!
__________________
"And they all lived happily ever after ... except for Pocket, who died of Hepatitis B."
keysofanxiety is offline   6 Reply With Quote
Old Aug 9, 2013, 10:02 AM   #4
mrgraff
macrumors 6502a
 
 
Join Date: Apr 2010
Location: Albuquerque
So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
mrgraff is offline   1 Reply With Quote
Old Aug 9, 2013, 10:32 AM   #5
MWPULSE
macrumors 6502a
 
Join Date: Dec 2008
Location: London
It occurs to me that attacks on the Apple ecosystem (iOS, Mac OS X) don't seem to be nearly as regular or recurrent as attacks on the rest of the services (iCloud and the gift card system. Phishing emails and suchlike.)

There doesn't seem to be much that Apple can do to counter these phishing/malware attempts of distribution? Or am I reading this wrong?
MWPULSE is offline   0 Reply With Quote
Old Aug 9, 2013, 10:47 AM   #6
Chrjy
macrumors 6502
 
Join Date: May 2010
Location: UK
Do people really still fall for these?!
Chrjy is offline   0 Reply With Quote
Old Aug 9, 2013, 11:10 AM   #7
donutbagel
Banned
 
Join Date: Jun 2013
Java once again. Those who fell for it must have been using Internet Explorer or something.
donutbagel is offline   2 Reply With Quote
Old Aug 9, 2013, 11:30 AM   #8
jonnysods
macrumors 68030
 
Join Date: Sep 2006
Location: Aussie living in Canada
You gotta be crazy clicking on stuff like this. But it would totally fool my dad!
jonnysods is offline   3 Reply With Quote
Old Aug 9, 2013, 11:31 AM   #9
charlituna
macrumors G3
 
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by donutbagel View Post
Java once again. Those who fell for it must have been using Internet Explorer or something.
Or really old versions of Java etc.

That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mindset that software updates, at least point ones, are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc. but never updated iOS 6 when that fix came out.
__________________
Return of the Non Tech's Wish List
(She's family so I'm biased )
charlituna is offline   2 Reply With Quote
Old Aug 9, 2013, 11:47 AM   #10
iLilana
macrumors 6502a
 
 
Join Date: May 2003
Location: Alberta, Canada
People are dumb

Unfortunately most people who fall for these things are old or just plain careless.
__________________
maxed bto 2013 27 inch iMac, iPad2 16gb, dual i7 11 inch late 2012 Macbook Air. iPad mini 32GB with LTE, iPad4 32gb.
iLilana is offline   0 Reply With Quote
Old Aug 9, 2013, 11:49 AM   #11
jafingi
macrumors 65816
 
 
Join Date: Apr 2009
Location: Denmark
I like that Macs are not affected by the malware.
__________________
Late-2013 15" rMBP (2GHz, 16GB DDR3, 256GB SSD, Iris Pro) iPhone 5 16GB iPad Mini 16GB WiFi iPad 2 16GB WiFi + a lot of old Apple stuff
jafingi is offline   0 Reply With Quote
Old Aug 9, 2013, 11:53 AM   #12
alexrmc92
macrumors regular
 
Join Date: Feb 2013
Quote:
Originally Posted by jafingi View Post
I like that Macs are not affected by the malware.
sandboxing ftw!
alexrmc92 is offline   1 Reply With Quote
Old Aug 9, 2013, 11:53 AM   #13
gnasher729
macrumors G5
 
 
Join Date: Nov 2005
Quote:
Originally Posted by keysofanxiety View Post
Windows machines? Compromised?

I'll never believe it!
Well, even though this site is called _Mac_Rumors, there are plenty of people using iPads, iPhones, iPods, but no Macs, so I think it is only right to warn them.

Now if just clicking on a link can cause damage, that's bad. So it would be good if someone could make clear whether that is really the only thing the user has to do to run into trouble.
gnasher729 is offline   0 Reply With Quote
Old Aug 9, 2013, 12:12 PM   #14
Shrink
macrumors Demi-God
 
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by iLilana View Post
Unfortunately most people who fall for these things are old or just plain careless.
It never ceases to amaze me that us old, simple minded and gullible old coots ever got to be old, simple minded coots as gullible as we are. You would think, as simple minded as we are, that we would have been tricked into some deathly trap long before we got to be old and gullible.

Luckily, we have you young, sharp, never-fooled-by-anyone folks to guide us and point out how easy it is to hoodwink us.

BTW: The Nigerian Prince thing should pay off any day now...
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein

Last edited by Shrink; Aug 9, 2013 at 12:34 PM.
Shrink is offline   5 Reply With Quote
Old Aug 9, 2013, 12:19 PM   #15
Sweetcheetah
macrumors member
 
Join Date: Jun 2007
Location: Bellingham, WA
Just roll your pointer over any suspect emails

When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll your pointer over any of the hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered over the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just looks unrelated to where it says it came from, then delete the email knowing that it's definitely spam or a scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always hover, look at the link and make your judgement call. 90% of the time that looks too good to be true is usually a different URL for spamming or computer attack.

Generally you can read an email since most spamming emails require you to do what is called a "Call to action", meaning you need to click on an important link to go to their website in order to take action. An email with an attachment with a zip on it is almost ALWAYS a spam that you don't expect from. But if you are a Mac user most zips are Windows-based since most Mac's format equivalent to .zip is .sit by StuffIt, which requires StuffIt Expander, which is rare. So then you can just trash it.
__________________
15" Aluminum MacBook Pro, 2 GHz i7, 10 GB RAM, 500 GB HD, OSX Mavericks 10.9.2 ; 32 GB iPhone 5S (Soon to be iPhone 6 32 GB) ---iLuv™ Apple--- An a day keeps the creative's-block away.

Last edited by Sweetcheetah; Aug 9, 2013 at 12:24 PM.
Sweetcheetah is offline   0 Reply With Quote
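Added example, not part of any post in this thread: a Python check that automates the hover test from post #15 by comparing the host shown in a link's visible text with the host in its `href`, and that also flags attachments by extension, covering both vectors the article mentions. The sample message, its hosts, the file name and the `RISKY_EXT` list are constructed assumptions, and hosts are compared by exact match.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; hosts and file name are placeholders.
SAMPLE = """\
From: "Apple Store" <giftcards@example.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p><a href="http://promo.example.net/r?id=1">https://store.apple.com/giftcard</a></p>
--b1
Content-Disposition: attachment; filename="Gift_Card.zip"

--b1--
"""
RISKY_EXT = (".zip", ".exe", ".scr", ".jar")  # assumed blocklist for illustration

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self.links.append([self._href, ""])
    def handle_data(self, data):
        if self._href:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def shown_host(text):
    # Visible text counts as a URL only if it has a dot and no spaces.
    if "." in text and " " not in text:
        return urlparse(text if "://" in text else "//" + text).hostname
    return None

def audit(raw):
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(("attachment", name))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown, actual = shown_host(text.strip()), urlparse(href or "").hostname
                if shown and actual and shown != actual:  # shown host differs from target
                    findings.append(("link-mismatch", f"{shown} -> {actual}"))
    return findings
```

Link text that is not URL-like (for example "click here") is skipped by this check, so it complements rather than replaces attachment filtering and patching.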
Old Aug 9, 2013, 12:48 PM   #16
LOLZpersonok
macrumors 6502a
 
 
Join Date: Aug 2012
Location: Calgary, Canada
Quote:
Originally Posted by mrgraff View Post
So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
Oh yeah because I totally hate Windows and it soooo never works. I find your bold statement to be inaccurate, from personal experience.

----------

Quote:
Originally Posted by jafingi View Post
I like that Macs are not affected by the malware.
You just wait until Macs become as popular as Windows is. It's bound to happen.

People tend to buy new computers and use the trial antivirus software until it runs out. After that they just don't buy it or get something else, so they're essentially running openly. (This isn't a problem in Windows 8 as there is an antivirus built in.) The creators of these scams know this and take advantage of it. There is no point in fighting over it and going on about "look at whose system sucks now", because even though it's funny when it happens to us 'stupid' Windows users it won't be funny when it happens to you. And as soon as the market share for Mac OS X grows so will the numbers of targeted attacks.
__________________
Black 16GB iPhone 5 | 2.1GHz 20" iMac | Dual 1.2GHz Power Mac G4 | 867MHz 12" PowerBook G4 | 500MHz 14.1" PowerBook G3 | 350MHz iMac G3

Last edited by LOLZpersonok; Aug 9, 2013 at 12:58 PM.
LOLZpersonok is offline   0 Reply With Quote
Old Aug 9, 2013, 12:58 PM   #17
mrgraff
macrumors 6502a
 
 
Join Date: Apr 2010
Location: Albuquerque
Quote:
Originally Posted by LOLZpersonok View Post
Oh yeah because I totally hate Windows and it soooo never works
Why do I keep trying to post obviously humorous things on MacRumors? I never learn...
mrgraff is offline   2 Reply With Quote
Old Aug 9, 2013, 01:02 PM   #18
donutbagel
Banned
 
Join Date: Jun 2013
Quote:
Originally Posted by charlituna View Post
Or really old versions of Java etc.

That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mindset that software updates, at least point ones, are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc. but never updated iOS 6 when that fix came out.
The solution for Java is to either stay updated or, better, use a browser that warns you when a site you haven't approved to use Java is trying to use Java. There are so few sites that use it legitimately that it's not an inconvenience. Even though Java is updated often to fix vulnerabilities, you could be infected before it's been patched.
donutbagel is offline   0 Reply With Quote
Old Aug 9, 2013, 01:43 PM   #19
LOLZpersonok
macrumors 6502a
 
 
Join Date: Aug 2012
Location: Calgary, Canada
Quote:
Originally Posted by mrgraff View Post
Why do I keep trying to post obviously humorous things on MacRumors? I never learn...
Yeah because it's obviously humorous.
__________________
Black 16GB iPhone 5 | 2.1GHz 20" iMac | Dual 1.2GHz Power Mac G4 | 867MHz 12" PowerBook G4 | 500MHz 14.1" PowerBook G3 | 350MHz iMac G3
LOLZpersonok is offline   0 Reply With Quote
Old Aug 9, 2013, 01:48 PM   #20
Habberkuk
macrumors member
 
Join Date: Mar 2013
Location: Under your bed...
Quote:
Originally Posted by Chrjy View Post
Do people really still fall for these?!
Apparently they do...
Habberkuk is offline   0 Reply With Quote
Old Aug 9, 2013, 01:48 PM   #21
HiRez
macrumors 601
 
 
Join Date: Jan 2004
Location: Western US
Here's where being a good student pays off for you later in life. 99% of these Apple scams are quickly and easily identified if you know anything about grammar and/or typography.
__________________
Go outside, the graphics are amazing!
HiRez is offline   0 Reply With Quote
Old Aug 9, 2013, 05:07 PM   #22
cmichaelb
macrumors 6502a
 
 
Join Date: Aug 2008
Location: Kansas
I've been getting these every day at work this week. I find it hard to believe they would fool anyone but, sigh, some people are just click happy.

You think the fact they come from a gmail address would be a clue.
__________________
"Compromise on gun-rights? Did Rosa Parks settle for the middle of the bus?"
"The thing about quotes on the internet is you cannot confirm their validity" -Abraham Lincoln
cmichaelb is offline   0 Reply With Quote
Old Aug 9, 2013, 05:21 PM   #23
Parasprite
macrumors 68000
 
 
Join Date: Mar 2013
Quote:
Originally Posted by Sweetcheetah View Post
When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll your pointer over any of the hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered over the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just looks unrelated to where it says it came from, then delete the email knowing that it's definitely spam or a scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always hover, look at the link and make your judgement call. 90% of the time that looks too good to be true is usually a different URL for spamming or computer attack.

Generally you can read an email since most spamming emails require you to do what is called a "Call to action", meaning you need to click on an important link to go to their website in order to take action. An email with an attachment with a zip on it is almost ALWAYS a spam that you don't expect from. But if you are a Mac user most zips are Windows-based since most Mac's format equivalent to .zip is .sit by StuffIt, which requires StuffIt Expander, which is rare. So then you can just trash it.
Even though StuffIt Expander used to be bundled with Macs, I hardly ever see .sit/sitx files anymore (at least not in a form that isn't related to a PPC app in some way). Chances are overwhelming that if you are on a desktop computer you are going to be using .zip (with .rar as the nearest second) and not .sit/sitx.
Parasprite is offline   0 Reply With Quote
Old Aug 9, 2013, 07:40 PM   #24
Consultant
macrumors G5
 
 
Join Date: Jun 2007
Quote:
Originally Posted by jonnysods View Post
You gotta be crazy clicking on stuff like this. But it would totally fool my dad!
And this person apparently
http://forums.macrumors.com/showthread.php?t=1617775
Consultant is offline   0 Reply With Quote
Old Aug 10, 2013, 04:03 AM   #25
needfx
macrumors 68030
 
 
Join Date: Aug 2010
Location: macrumors apparently
hardware giveaways...? definitely legit!
needfx is offline   0 Reply With Quote
