Security researchers from Webroot have revealed a malicious email campaign attempting to trick users into thinking they’ve received a $200 Apple Store Gift Card. But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.
/article-new/2013/08/apple_malicious_email.png?lossy)
Specifically, when the user clicks on a hyperlink within the email or opens an attachment, a malicious Java-based exploit installs itself onto the computer. The exploit is then used to steal data from the personal computer, opening up the user to the possibility of identity theft and other cyber-crimes.
A currently ongoing malicious spam campaign is attempting to trick users into thinking that they’ve successfully received a legitimate ‘Gift Card’ worth $200. What’s particularly interesting about this campaign is that the cybercriminal(s) behind it are mixing the infection vectors by relying on both a malicious attachment and a link to the same malware found in the malicious emails. Users can become infected by either executing the attachment or by clicking on the client-side exploits serving link found in the emails.
Earlier this year, a phishing effort compromised over 100 sites in attempt to gain access to users’ Apple ID accounts. Last month, researchers from various security firms uncovered a trojan known as Janicab.A that used a special unicode character to initiate email malware attacks. Apple has also regularly dealt with Java-related vulnerabilities by deploying updates for OS X and introduced Gatekeeper in OS X Mountain Lion to better deal with security threats, offering a way for users to restrict installation of apps to those signed by Apple-issued Developer IDs.
Top Rated Comments
(View all)But rather than being a simple phishing effort as is common with such emails, the malicious emails contain malware that can be used to compromise targets' Windows-based machines.
Windows machines? Compromised?
I'll never believe it!
Unfortunately most people who fall for these things are old or just plain careless.
It never ceases to to amaze me that us old, simple minded and gullible old coots ever got to be old, simple minded coots as gullible as we are. You would think, as simple minded as we are, that we would ave been tricked into some deathly trap long before we got to be old and gullible.Luckily, we have you young, sharp, never-fooled-by-anyone folks to guide us and point out how easy it is to hoodwink us.
BTW: Tha Nigerian Prince thing should pay off any day now...
Oh yeah because I totally hate Windows and it soooo never works
Why do I keep trying to post obviously humorous things on MacRumors? I never learn...
Java once again. Those who fell for it must have been using Internet Explorer or something.
Or really old versions of Java etc.
That is the trick with many of these attacks. Folks not keeping their stuff up to date. We need to get users into the mind set that software updates, at least point ones are like getting booster shots, taking vitamins, getting sleep. You have to do them. Like the folks griping about excessive cell data use etc but never updated iOS 6 when that fix came out