An unknown developer has created a program that lets attackers fraudulently obtain iCloud logins and passwords and thereby unlink Apple devices from their owners' accounts. A white-hat hacker told vc.ru about a fraudulent scheme built on this program. Attackers buy it for $60, then create websites offering iPhone unlocking services, which they sell to those who buy or steal locked devices.
The scheme works as follows. An iPhone is stolen from a user, and a few days later the user receives a message on their other devices stating that the smartphone has been found and transferred to the Apple Store. To get it back, the user is told to fill out a return form via a link that leads to a fake Apple website. There the user enters their iCloud username and password and completes two-factor authentication, after which a Telegram bot automatically unlinks the device from the account and sends all the user data (device model, country, city, IMEI, IP, and so on) to the attacker.
A hacker with the nickname Link managed to uncover this scheme thanks to a vulnerability on one of the phishing sites. The vulnerability made it possible to find a token for accessing the public Telegram account from which messages about the device being hacked were sent. In addition, the hackers found a Telegram group where users who had bought the program (about 200 people), as well as the seller himself, communicated. There may be about 300 fake sites around the world, and the number of affected users is more than 10 thousand. Link contacted Apple, which promised to look into it.
If you lose your Apple device, you can remotely lock it or put it into Lost Mode. The second option does not protect against phishing, so the company advises that when you receive suspicious messages you forward them to the address firstname.lastname@example.org and also change your Apple ID password.