Malicious Software Targeting Apple Users in China Located

Posted on October 21, 2014

Great Fire, a group that monitors government censorship in China, announced on its website yesterday that it has discovered an attack jeopardizing Chinese citizens’ information stored on Apple’s iCloud service. This may be connected to users buying the new iPhone and wanting to synchronize the information stored on their older phones, as the attack coincides with Apple’s expansion of iPhone 6 shipping to China, which started on Friday, 17th October, last week.

How Does the Attack Work?

When users try to synchronize their information, they are redirected to a potentially harmful phishing site, from which their credentials and other information are passed on to a location possibly controlled by the Chinese government.

According to the Great Fire report, Google Chrome and Mozilla will warn you that you are about to be redirected to an unsecured page, but if you choose to ignore the warning, the page will open automatically. If you sign in using Qihoo, China’s most popular web browser, however, the attack will go completely unnoticed and you will be led straight to the malicious site. The attack uses a Man-in-the-Middle (MitM) technique that relies on a non-trusted user certificate for icloud.com, released on Pastebin on 4th October.

Great Fire believes that this is a malicious attack on Apple that aims to gain access to usernames and passwords and, eventually, all data stored on iCloud, for example iMessages, contacts, photos, etc. If users ignored the security warning, clicked their way through to the Apple site and entered their credentials, this data is now compromised by the authorities in China.
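
The trust decision that separates a warning browser from a silent one can be reproduced with the openssl command line. This is an added example, not part of the Great Fire report: the certificate is constructed locally, and the name `icloud.example`, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: how a verifying client decides whether to trust a server
# certificate. Everything here is constructed locally; nothing is captured data.

# Create a throwaway self-signed certificate, a stand-in for the non-trusted
# certificate described above. "icloud.example" is a placeholder name.
make_demo_cert() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=icloud.example" \
    -keyout "$1/demo.key" -out "$1/demo.crt" >/dev/null 2>&1
}

# Print "trusted" only if the certificate chains to a trust anchor AND its
# name matches the expected hostname; otherwise print "untrusted".
cert_verdict() {  # $1 = certificate, $2 = hostname, $3 = optional extra CA file
  cert=$1; host=$2; shift 2
  [ $# -gt 0 ] && set -- -CAfile "$1"
  if openssl verify -verify_hostname "$host" "$@" "$cert" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

# The same two checks against a live server (needs network; not run below).
live_verdict() {  # $1 = hostname
  if openssl s_client -connect "$1:443" -servername "$1" \
       -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_demo_cert "$dir" || { rm -rf "$dir"; return 1; }
  # 1. No trusted CA issued it: a verifying client must stop or warn here.
  echo "system trust store only:   $(cert_verdict "$dir/demo.crt" icloud.example)"
  # 2. It passes only once someone has explicitly added it as a trust anchor.
  echo "added as a trust anchor:   $(cert_verdict "$dir/demo.crt" icloud.example "$dir/demo.crt")"
  # 3. Even an anchored certificate fails when the hostname does not match.
  echo "anchored, wrong hostname:  $(cert_verdict "$dir/demo.crt" other.example "$dir/demo.crt")"
  rm -rf "$dir"
}

demo
```

A client that skips the first check behaves like the browser described above that shows no warning; `live_verdict` runs the same checks against a real host when a network connection is available.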

What Can Users Do to Protect Themselves?

There are several ways to avoid getting your information stolen. One of them is using a two-way verification authentication method to stop your data from falling into third-party hands. Besides the username and the password, this method uses a supplementary code for data protection. Another way is logging in over a VPN (Virtual Private Network) connection, which is emerging as one of the most secure ways to browse the Internet nowadays.

The Great Fire group thinks the attack is targeted at a specific IP address, 23.59.94.46. The iCloud DNS may return a different IP address, though.
