Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Over the weekend, news reports of “hacked” iTunes accounts used to purchase worthless apps surfaced.

    And since there was no evidence nor report of an iTunes App Store data leak, it is most likely that individual iTunes user credentials were stolen via phishing attacks.

    Click for larger view

    What’s interesting about this incident is it doesn’t involve any malicious app. Instead, it led to the sudden rise in rating of common, unpopular apps in Apple’s App Store because stolen iTunes accounts were used to purchase them.

    This is interesting because cybercrime groups have now found a working business model in monetizing phished user accounts in Apple’s App Store. They’ve circumvented Apple’s “strict” app review process by submitting nonmalicious apps (doesn’t matter if the app is worthless) then used phished iTunes accounts to buy (and make money from) the worthless apps.

    This is an interesting business model, by targeting user accounts, cybercriminals attacked the weakest link in the system (the user), only using Apple’s App Store as platform and the worthless apps as means to cash in on phished accounts.

    May this incident serve as a glaring reminder on the importance of our online accounts, especially if our credit and/or debit cards are tied to them.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice