AdaptiveMobile finds that thousands of North American iCloud users’ accounts are still being hijacked to send spam
DALLAS and DUBLIN – 26 October 2016 – AdaptiveMobile, the world leader in mobile network security, is reporting continued spam being sent from North American iCloud users’ accounts, resulting in these accounts being used to send hundreds of thousands of spam SMS messages to China. The Company is also reporting a broadening of attacks, with the initial messages offering counterfeit luxury goods now expanding to promote gambling sites.
AdaptiveMobile issued a report in September showing how attackers were using compromised North American iCloud accounts to send SMS spam from iPhones attached to the accounts. Today the Company issued new data showing that the number of affected iPhones has risen to more than 11,500 phone numbers since measuring began; these affected iPhones have sent more than 750,000 SMS messages in the last four months. The data shows that there has been a rise in both the number of devices per day affected, as well as spam sent, signifying an ongoing campaign to obtain and use compromised iCloud accounts.
Once attackers have access to the iCloud account, the iPhone associated with that account becomes vulnerable to being used to send large amounts of iMessage spam to Chinese iPhone users. Due to Apple’s “Send as SMS” feature, if the spam recipient in China is not available to receive an iMessage, then the iPhone sender will automatically send the iMessage as a SMS instead. This means that in addition to running the risk of having their phone’s activity limited due to the large amount of spam being sent, victims run the risk of incurring charges to their accounts for all the SMS spam they send to China without their knowledge
“It is probable that attackers access people’s iCloud accounts through known forms of social engineering,” said Cathal Mc Daid, Chief Intelligence Officer at AdaptiveMobile. “What concerns us is the fact that people whose accounts have been compromised could potentially be billed hundreds or thousands of dollars after the attack has taken place. Apple users who notice large number of messages being sent to China from their iPhone should change their password and contact Apple for further assistance.”
AdaptiveMobile encourages any iCloud user who thinks they may have been affected to check their accounts by first logging in and unlinking any devices you don’t recognize. Users should then immediately change their passwords and set up two-step verification.
Enea is a world-leading specialist in software for telecom and cybersecurity. The company’s cloud-native solutions connect, optimize, and secure services for mobile subscribers, enterprises, and the Internet of Things. More than 100 communication service providers and 4.5 billion people rely on Enea technologies every day.
Enea has strengthened its product portfolio and global market position by integrating a number of acquisitions, including Qosmos, Openwave Mobility, Aptilo Networks, and AdaptiveMobile Security. Enea is headquartered in Stockholm, Sweden, and is listed on Nasdaq Stockholm.
For more information: https://www.enea.com