Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Malicious Apple Store Gift Card Scam Emails Target Users with Malware

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,581
37,973



Security researchers from Webroot have revealed a malicious email campaign attempting to trick users into thinking they've received a $200 Apple Store Gift Card. But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.

apple_malicious_email.png
Specifically, when the user clicks on a hyperlink within the email or opens an attachment, a malicious Java-based exploit installs itself onto the computer. The exploit is then used to steal data from the personal computer, opening up the user to the possibility of identity theft and other cyber-crimes.
A currently ongoing malicious spam campaign is attempting to trick users into thinking that they've successfully received a legitimate 'Gift Card' worth $200. What's particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails.
Click to expand...
Earlier this year, a phishing effort compromised over 100 sites in attempt to gain access to users' Apple ID accounts. Last month, researchers from various security firms uncovered a trojan known as Janicab.A that used a special unicode character to initiate email malware attacks. Apple has also regularly dealt with Java-related vulnerabilities by deploying updates for OS X and introduced Gatekeeper in OS X Mountain Lion to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.

Article Link: Malicious Apple Store Gift Card Scam Emails Target Users with Malware
 
Article Link
https://www.macrumors.com/2013/08/09/malicious-apple-store-gift-card-scam-emails-target-users-with-malware/
MacRumors said:
But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.
Click to expand...

Windows machines? Compromised?

I'll never believe it!
 
So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
 
It occurs to me that attacks on the apple ecosystem (iOS, mac osx) don't seem to be nearly as regular or occurent as attacks on the rest of the services (iCloud and the gift card system. Phishing emails n the such like.)

There doesn't seem to be much that apple can do to counter these phishing/malware attempts of distribution? Or am I reading this wrong?
 
Java once again. Those who fell for it must have been using Internet Explorer or something.
 
donutbagel said:
Java once again. Those who fell for it must have been using Internet Explorer or something.
Click to expand...

Or really old versions of Java etc.

That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mind set that software updates, at least point ones are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc but never updated iOS 6 when that fix came out
 
keysofanxiety said:
Windows machines? Compromised?

I'll never believe it!
Click to expand...

Well, even though this site is called _Mac_Rumors, there are plenty of people using iPads, iPhones, iPods, but no Macs, so I think it is only right to warn them.

Now if just clicking on a link can cause damage, that's bad. So it would be good if someone could make clear whether that is really the only thing the user has to do to run into trouble.
 
iLilana said:
Unfortunately most people who fall for these things are old or just plain careless.
Click to expand...

It never ceases to to amaze me that us old, simple minded and gullible old coots ever got to be old, simple minded coots as gullible as we are. You would think, as simple minded as we are, that we would ave been tricked into some deathly trap long before we got to be old and gullible.

Luckily, we have you young, sharp, never-fooled-by-anyone folks to guide us and point out how easy it is to hoodwink us.

BTW: Tha Nigerian Prince thing should pay off any day now...
 
Last edited:
Just roll your pointer over any suspecting emails

When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll over your pointer on any one hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just look unrelated to where it says it came from, then, delete the email knowing that it's definitely spam or scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always, hover, look at the link and make your judgement call. 90% of the time that looks too good to be true is usually a different URL for spamming or computer attack.

Generally you can read an email since most spamming emails require you to do what is called "Call to action", meaning you need to click on an important link to go their website in order to take action. An email with attachment with a zip on it is almost ALWAYS a spam that you don't expect from. But if you are a mac user most zips are for window based since most mac's format equivalent to .zip is .sit by stuffit which requires stuffit expander which is rare. So then you can just trash it.
 
Last edited:
mrgraff said:
So, for some, even an un-compromised Windows experience is so bad that people are actually falling for the promise of free Apple gear.
Click to expand...

Oh yeah because I totally hate Windows and it soooo never works. I find your bold statement to be inaccurate, from personal experience.

----------
jafingi said:
I like that Macs are not affected by the malware. :p
Click to expand...

You just wait until Macs become as popular as Windows is. It's bound to happen.

People tend to buy new computers and use the trial antivirus software until it runs out. After then they just don't buy it or get something else, so they're essentially running openly. (This isn't a problem in Windows 8 as there is an antivirus built in) The creators of these scams know this and take advantage of it. There is no point in fighting over it and going on about "look at who's system sucks now", because even though it's funny when it happens to us 'stupid' Windows users it won't be funny when it happens to you. And as soon as the market share for Mac OS X grows so will the numbers of targeted attacks.
 
Last edited:
charlituna said:
Or really old versions of Java etc.

That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mind set that software updates, at least point ones are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc but never updated iOS 6 when that fix came out
Click to expand...

The solution for Java is to either stay updated or, better, use a browser that warns you when a site you haven't approved to use Java is trying to use Java. There are so few sites that use it legitimately that it's not an inconvenience. Even though Java is updated often to fix vulnerabilities, you could be infected before it's been patched.
 
Here's where being a good student pays off for you later in life. 99% of these Apple scams are quickly and easily identified if you know anything about grammar and/or typography.
 
I've been getting these everyday at work this week. I find it hard to believe they would foll anyone but, sigh, some people are just click happy.

You think the fact they come from a gmail address would be a clue.
 
Sweetcheetah said:
When I get an email that sounds waaay too good to be true, I then proceed cautiously. Just roll over your pointer on any one hot links within the email. In a second there's a possible link URL that will show in yellow just below the pointer where you hovered the link. Most links are in blue. If it looks like a totally different link than where this email should have come from, or the link looks like some sort of adult web site, some sort of penis enlargement web site, or a web site URL that just look unrelated to where it says it came from, then, delete the email knowing that it's definitely spam or scam. Any email with the FROM email will always be from where it claims to be but that doesn't tell you anything. It can come from a buddy of yours that you may know but they may have been affected by that spam and their contacts got accessed to thinking it's from them. Always, hover, look at the link and make your judgement call. 90% of the time that looks too good to be true is usually a different URL for spamming or computer attack.

Generally you can read an email since most spamming emails require you to do what is called "Call to action", meaning you need to click on an important link to go their website in order to take action. An email with attachment with a zip on it is almost ALWAYS a spam that you don't expect from. But if you are a mac user most zips are for window based since most mac's format equivalent to .zip is .sit by stuffit which requires stuffit expander which is rare. So then you can just trash it.
Click to expand...

Even though Stuffit expander used to be bundled with Macs, but I hardly ever see .sit/sitx files anymore (at least not a form that isn't related to a PPC app in some way). Chances are overwhelming that if you are on a desktop computer you are going to be using .zip (with .rar as the nearest second) and not .sit/sitx.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back