Malicious Apple Store Gift Card Scam Emails Target Users with Malware

Discussion in 'Mac Blog Discussion' started by MacRumors, Aug 9, 2013.

  1. macrumors bot


    Apr 12, 2001

    Security researchers from Webroot have revealed a malicious email campaign attempting to trick users into thinking they've received a $200 Apple Store Gift Card. But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.

    Specifically, when the user clicks on a hyperlink within the email or opens an attachment, a malicious Java-based exploit installs itself onto the computer. The exploit is then used to steal data from the personal computer, opening up the user to the possibility of identity theft and other cyber-crimes.
    Earlier this year, a phishing effort compromised over 100 sites in an attempt to gain access to users' Apple ID accounts. Last month, researchers from various security firms uncovered a trojan known as Janicab.A that used a special Unicode character to initiate email malware attacks. Apple has also regularly dealt with Java-related vulnerabilities by deploying updates for OS X and introduced Gatekeeper in OS X Mountain Lion to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.

    Article Link: Malicious Apple Store Gift Card Scam Emails Target Users with Malware
  2. Moderator


    Staff Member

    Sep 8, 2010
    Detroit, Michigan
    There's no red flags in that email! haha :D
  3. macrumors 68000


    Nov 23, 2011
    Windows machines? Compromised?

    I'll never believe it!
  4. macrumors 6502a


    Apr 18, 2010
    So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
  5. macrumors 6502a


    Dec 27, 2008
    It occurs to me that attacks on the Apple ecosystem (iOS, Mac OS X) don't seem to be nearly as regular or occurrent as attacks on the rest of the services (iCloud and the gift card system. Phishing emails and suchlike.)

    There doesn't seem to be much that apple can do to counter these phishing/malware attempts of distribution? Or am I reading this wrong?
  6. macrumors 6502a


    May 19, 2010
    Do people really still fall for these?!
  7. macrumors 6502a

    Jun 9, 2013
    Java once again. Those who fell for it must have been using Internet Explorer or something.
  8. macrumors 68030

    Sep 20, 2006
    Aussie living in Canada
    You gotta be crazy clicking on stuff like this. But it would totally fool my dad!
  9. macrumors G3


    Jun 11, 2008
    Los Angeles, CA
    Or really old versions of Java etc.

    That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mindset that software updates, at least point ones, are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc. but never updated iOS 6 when that fix came out.
  10. macrumors 6502a


    May 5, 2003
    Alberta, Canada
    People are dumb

    Unfortunately most people who fall for these things are old or just plain careless.
  11. macrumors 65816


    Apr 3, 2009
    I like that Macs are not affected by the malware. :p
  12. macrumors regular

    Feb 7, 2013
    sandboxing ftw!
  13. macrumors G5


    Nov 25, 2005
    Well, even though this site is called _Mac_Rumors, there are plenty of people using iPads, iPhones, iPods, but no Macs, so I think it is only right to warn them.

    Now if just clicking on a link can cause damage, that's bad. So it would be good if someone could make clear whether that is really the only thing the user has to do to run into trouble.
  14. Shrink, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors demi-god


    Feb 26, 2011
    New England, USA
    It never ceases to amaze me that us old, simple minded and gullible old coots ever got to be old, simple minded coots as gullible as we are. You would think, as simple minded as we are, that we would have been tricked into some deathly trap long before we got to be old and gullible.

    Luckily, we have you young, sharp, never-fooled-by-anyone folks to guide us and point out how easy it is to hoodwink us.

    BTW: The Nigerian Prince thing should pay off any day now...
  15. Sweetcheetah, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors member


    Jun 28, 2007
    Bellingham, WA
    Just roll your pointer over any suspecting emails

    When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll your pointer over any one of the hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just looks unrelated to where it says it came from, then delete the email knowing that it's definitely spam or scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always hover, look at the link and make your judgement call. 90% of the time, what looks too good to be true is usually a different URL for spamming or computer attack.

    Generally you can read an email since most spamming emails require you to do what is called "Call to action", meaning you need to click on an important link to go to their website in order to take action. An email with an attachment with a zip on it is almost ALWAYS a spam that you don't expect. But if you are a Mac user most zips are for Windows-based machines since most Macs' format equivalent to .zip is .sit by StuffIt, which requires StuffIt Expander, which is rare. So then you can just trash it.
  16. LOLZpersonok, Aug 9, 2013
    Last edited: Aug 9, 2013

    macrumors 6502a


    Aug 10, 2012
    Calgary, Canada
    Oh yeah because I totally hate Windows and it soooo never works. I find your bold statement to be inaccurate, from personal experience.


    You just wait until Macs become as popular as Windows is. It's bound to happen.

    People tend to buy new computers and use the trial antivirus software until it runs out. After then they just don't buy it or get something else, so they're essentially running openly. (This isn't a problem in Windows 8 as there is an antivirus built in.) The creators of these scams know this and take advantage of it. There is no point in fighting over it and going on about "look at whose system sucks now", because even though it's funny when it happens to us 'stupid' Windows users it won't be funny when it happens to you. And as soon as the market share for Mac OS X grows so will the numbers of targeted attacks.
  17. macrumors 6502a


    Apr 18, 2010
    Why do I keep trying to post obviously humorous things on MacRumors? I never learn...
  18. macrumors 6502a

    Jun 9, 2013
    The solution for Java is to either stay updated or, better, use a browser that warns you when a site you haven't approved to use Java is trying to use Java. There are so few sites that use it legitimately that it's not an inconvenience. Even though Java is updated often to fix vulnerabilities, you could be infected before it's been patched.
  19. macrumors 6502a


    Aug 10, 2012
    Calgary, Canada
    Yeah because it's obviously humorous.
  20. macrumors member

    Mar 2, 2013
    Under your bed...
    Apparently they do...
  21. macrumors 601


    Jan 6, 2004
    Western US
    Here's where being a good student pays off for you later in life. 99% of these Apple scams are quickly and easily identified if you know anything about grammar and/or typography.
  22. macrumors 68000


    Aug 6, 2008
    I've been getting these every day at work this week. I find it hard to believe they would fool anyone but, sigh, some people are just click happy.

    You think the fact they come from a gmail address would be a clue.
  23. macrumors 68000


    Mar 5, 2013
    Even though StuffIt Expander used to be bundled with Macs, I hardly ever see .sit/sitx files anymore (at least not in a form that isn't related to a PPC app in some way). Chances are overwhelming that if you are on a desktop computer you are going to be using .zip (with .rar as the nearest second) and not .sit/sitx.
  24. macrumors G5


    Jun 27, 2007
  25. macrumors 68030


    Aug 10, 2010
    macrumors apparently
    hardware giveaways...? definitely legit!
