Malicious Apple Store Gift Card Scam Emails Target Users with Malware

Discussion in 'Mac Blog Discussion' started by MacRumors, Aug 9, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Security researchers from Webroot have revealed a malicious email campaign attempting to trick users into thinking they've received a $200 Apple Store Gift Card. But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.

    Specifically, when the user clicks on a hyperlink within the email or opens an attachment, a malicious Java-based exploit installs itself onto the computer. The exploit is then used to steal data from the personal computer, opening up the user to the possibility of identity theft and other cyber-crimes.
    Earlier this year, a phishing effort compromised over 100 sites in an attempt to gain access to users' Apple ID accounts. Last month, researchers from various security firms uncovered a trojan known as Janicab.A that used a special Unicode character to initiate email malware attacks. Apple has also regularly dealt with Java-related vulnerabilities by deploying updates for OS X and introduced Gatekeeper in OS X Mountain Lion to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.

    Article Link: Malicious Apple Store Gift Card Scam Emails Target Users with Malware
     
  2. Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Detroit, Michigan
  3. macrumors 68020

    keysofanxiety

    Joined:
    Nov 23, 2011
    #3
    Windows machines? Compromised?

    I'll never believe it!
     
  4. macrumors 6502a

    mrgraff

    Joined:
    Apr 18, 2010
    Location:
    Albuquerque
    #4
    So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
     
  5. macrumors 6502a

    MWPULSE

    Joined:
    Dec 27, 2008
    Location:
    London
    #5
    It occurs to me that attacks on the Apple ecosystem (iOS, Mac OS X) don't seem to be nearly as regular or occurent as attacks on the rest of the services (iCloud and the gift card system. Phishing emails n the such like.)

    There doesn't seem to be much that Apple can do to counter these phishing/malware attempts of distribution? Or am I reading this wrong?
     
  6. macrumors 6502a

    Chrjy

    Joined:
    May 19, 2010
    Location:
    UK
  7. macrumors 6502a

    Joined:
    Jun 9, 2013
    #7
    Java once again. Those who fell for it must have been using Internet Explorer or something.
     
  8. macrumors 68030

    Joined:
    Sep 20, 2006
    Location:
    Aussie living in Canada
    #8
    You gotta be crazy clicking on stuff like this. But it would totally fool my dad!
     
  9. macrumors G3

    charlituna

    Joined:
    Jun 11, 2008
    Location:
    Los Angeles, CA
    #9
    Or really old versions of Java etc.

    That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mindset that software updates, at least point ones, are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc. but never updated iOS 6 when that fix came out.
     
  10. macrumors 6502a

    iLilana

    Joined:
    May 5, 2003
    Location:
    Alberta, Canada
    #10
    People are dumb

    Unfortunately most people who fall for these things are old or just plain careless.
     
  11. macrumors 65816

    jafingi

    Joined:
    Apr 3, 2009
    Location:
    Denmark
    #11
    I like that Macs are not affected by the malware. :p
     
  12. macrumors regular

    Joined:
    Feb 7, 2013
    #12
    sandboxing ftw!
     
  13. macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #13
    Well, even though this site is called _Mac_Rumors, there are plenty of people using iPads, iPhones, iPods, but no Macs, so I think it is only right to warn them.

    Now if just clicking on a link can cause damage, that's bad. So it would be good if someone could make clear whether that is really the only thing the user has to do to run into trouble.
     
  14. Shrink, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #14
    It never ceases to amaze me that us old, simple minded and gullible old coots ever got to be old, simple minded coots as gullible as we are. You would think, as simple minded as we are, that we would have been tricked into some deathly trap long before we got to be old and gullible.

    Luckily, we have you young, sharp, never-fooled-by-anyone folks to guide us and point out how easy it is to hoodwink us.

    BTW: The Nigerian Prince thing should pay off any day now...
     
  15. Sweetcheetah, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors member

    Sweetcheetah

    Joined:
    Jun 28, 2007
    Location:
    Bellingham, WA
    #15
    Just roll your pointer over any suspecting emails

    When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll your pointer over any of the hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just looks unrelated to where it says it came from, then delete the email knowing that it's definitely spam or scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always hover, look at the link and make your judgement call. 90% of the time that looks too good to be true is usually a different URL for spamming or computer attack.

    Generally you can read an email since most spamming emails require you to do what is called "Call to action", meaning you need to click on an important link to go to their website in order to take action. An email with attachment with a zip on it is almost ALWAYS a spam that you don't expect from. But if you are a Mac user most zips are for Windows based since most Mac's format equivalent to .zip is .sit by StuffIt which requires StuffIt Expander which is rare. So then you can just trash it.
     
  16. LOLZpersonok, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors 6502a

    LOLZpersonok

    Joined:
    Aug 10, 2012
    Location:
    Calgary, Canada
    #16
    Oh yeah because I totally hate Windows and it soooo never works. I find your bold statement to be inaccurate, from personal experience.

    ----------

    You just wait until Macs become as popular as Windows is. It's bound to happen.

    People tend to buy new computers and use the trial antivirus software until it runs out. After then they just don't buy it or get something else, so they're essentially running openly. (This isn't a problem in Windows 8 as there is an antivirus built in.) The creators of these scams know this and take advantage of it. There is no point in fighting over it and going on about "look at whose system sucks now", because even though it's funny when it happens to us 'stupid' Windows users it won't be funny when it happens to you. And as soon as the market share for Mac OS X grows so will the numbers of targeted attacks.
     
  17. macrumors 6502a

    mrgraff

    Joined:
    Apr 18, 2010
    Location:
    Albuquerque
    #17
    Why do I keep trying to post obviously humorous things on MacRumors? I never learn...
     
  18. macrumors 6502a

    Joined:
    Jun 9, 2013
    #18
    The solution for Java is to either stay updated or, better, use a browser that warns you when a site you haven't approved to use Java is trying to use Java. There are so few sites that use it legitimately that it's not an inconvenience. Even though Java is updated often to fix vulnerabilities, you could be infected before it's been patched.
     
  19. macrumors 6502a

    LOLZpersonok

    Joined:
    Aug 10, 2012
    Location:
    Calgary, Canada
    #19
    Yeah because it's obviously humorous.
     
  20. macrumors member

    Joined:
    Mar 2, 2013
    Location:
    Under your bed...
    #20
    Apparently they do...
     
  21. macrumors 601

    HiRez

    Joined:
    Jan 6, 2004
    Location:
    Western US
    #21
    Here's where being a good student pays off for you later in life. 99% of these Apple scams are quickly and easily identified if you know anything about grammar and/or typography.
     
  22. macrumors 68000

    cmichaelb

    Joined:
    Aug 6, 2008
    Location:
    Kansas
    #22
    I've been getting these every day at work this week. I find it hard to believe they would fool anyone but, sigh, some people are just click happy.

    You think the fact they come from a gmail address would be a clue.
     
  23. macrumors 68000

    Parasprite

    Joined:
    Mar 5, 2013
    #23
    Even though StuffIt Expander used to be bundled with Macs, I hardly ever see .sit/sitx files anymore (at least not a form that isn't related to a PPC app in some way). Chances are overwhelming that if you are on a desktop computer you are going to be using .zip (with .rar as the nearest second) and not .sit/sitx.
     
  24. macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #24
  25. macrumors 68030

    needfx

    Joined:
    Aug 10, 2010
    Location:
    macrumors apparently
