Popups in Apple Apps Steal iCloud Credentials

November 14, 2017

Scammers truly don’t give up. That’s because once they find something that works, it works really well, and it can result in a significant payoff. Recently, some of them have figured out how to trick Apple iOS users into giving up their iCloud passwords. And it is a surprisingly simplistic attack. It pays to take a few seconds to read and analyze why you’re being asked for credentials to anything. That’s because this one is so good, it can fool anyone.

Felix Krause, a software expert explained in a blog how scammers are taking advantage of our conditioning of just entering our Apple credentials whenever we are asked, without so much as a pause to consider what we are doing.

The scammers are building popups requesting credentials inside apps. He didn’t get into the gory details or publish the code, although he did say anyone who can program for iOS would be able to do it very easily. Krause created a fake popup that is identical to the actual one that Apple sends.

Take some time when installing apps and updates to make sure the request for any credentials is a legitimate one. There are some ways to avoid falling into this trap:

- If you see a popup, hit the home button on your device. If the app and the popup both disappear, it’s phishing. If they don’t, it’s a genuine request.

- Get into the habit of entering your password manually, rather than putting it into any popup. That means going into the settings and enter it in the app there.
Clear the fields of all text you may have entered and cancel the request.

- In addition, when you are looking for an app to install on any device, do some research first to make sure it isn’t riddled with malware. Read the reviews and if there is something wrong with it, it’ll show there. If there aren’t many reviews and the ones that are showing are all glowing, they may have been planted by whoever put the app up.

Also, avoid sideloading any apps (downloading from sites other than the official app stores). While getting them from the official app stores does not guarantee they are safe, the risk of downloading malware is significantly lower when doing this.

© Copyright 2017 Stickley on Security