Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Malware & Threats

Apple IDs Targeted in Phishing Scheme: Symantec

Researchers at Symantec spotted a phishing campaign targeting Apple IDs in the days after it was discovered a number of celebrities had their accounts compromised.

Researchers at Symantec spotted a phishing campaign targeting Apple IDs in the days after it was discovered a number of celebrities had their accounts compromised.

According to Symantec, the Kelihos botnet (also known as Waledac) was being used to spam emails purporting to be from Apple. Recently, Kelihos was also involved in attacks targeting Russian victims by playing to anti-Western sentiments. 

In the Apple-related case, the messages blasted out by the botnet tell the recipient that a purchase was made using their iTunes account. The emails had the subject line “Pending Authorisation Notification.”

“The email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID,” the Symantec Security Response Team explains in a blog post Sept. 5. “The email gives an IP address that was used to make the alleged purchase and claims the address is located in Volgograd, Russia.”

Advertisement. Scroll to continue reading.

The messages told the victim if they didn’t make the purchase, they should check their Apple ID by clicking on the accompanying link. The link however led the victim to a phishing disguised as an Apple website that prompts the visitor for their Apple ID and password. If the victim did so, the attackers would be able to leverage the credentials to compromise the account or for resale.

Symantec told SecurityWeek today that it does not have any information suggesting the campaign is still ongoing. The discovery however came on the heels of news that nude photos of a number of celebrities had been stolen from Apple iCloud and posted online.

Apple has said that none of the compromises resulted from a breach of Apple’s Systems, including iCloud or Find my iPhone. Instead, the company attributed the situation to a targeted attack on usernames, passwords and security questions focused on celebrity accounts.

In light of the incident, Apple CEO Tim Cook has said the company will improve security around the iCloud data storage service by among other things alerting customers through email when someone tries to change their account password or restore iCloud data to a new device.

“As long as people click on links in emails and open attachments attackers will exploit this weakness to gain a foothold in corporate networks,” said Rohyt Belani, CEO of security firm PhishMe.

“Organizations have to realize that no technology will block all phishing or detect all malware, so while it’s important to deploy the right network and endpoint protection technologies, you will still have to rely on humans to recognize and defend against threats that reach their inboxes,” he added.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...