Ransomware Imitation Attempts to Fool iPhone Users
Though the threat of computer viruses once lurked primarily in the domain of email attachments and suspicious file downloads, the current landscape is vastly different. Simply doing damage to a system and spreading a virus further is no longer the biggest threat. From spyware to any of the many flavors of malware, there are many new and evolving security issues facing computer systems globally. Ransomware continues its rise to prevalence as infections rise year over year, compromising more machines. Ransomware, a type of malware which locks down user access to the filesystem until a demand for payment is met, has primarily affected Windows machines up to this point in time.
That does not mean that Apple operating systems are safe from the threat, however. Efforts to develop and deploy ransomware that can exploit OS X do exist. From an incomplete proof-of-concept prototype, to the infection of the Transmission BitTorrent client with the functioning KeRanger ransomware, there is certainly a need to be aware and vigilant against these threats. So far, no similar threats that function as ransomware exists on non-jailbroken iOS devices, even as the threat to Android devices rises.
However, this does not mean that malicious parties aren’t trying to fool users. Recent reports highlight attempts made to use Find My iPhone with compromised account credentials to extort money from iOS users. After logging in to a user’s account, hackers use the services meant for locating lost phones to lock the device and place a message on the screen. This message lists an email and demands payment to regain device access.
Thankfully for users, the attack is not very sophisticated. The compromising party can only lock the phone, not alter its lock code. Simply entering the regular lock password allows the user back into their device. Though flawed, this ransom method could potentially trick less savvy users. Because this exploitation exists as a result of compromised Apple IDs, it highlights the continual importance of using unique and strong passwords for every account. Additional measures, such as two-factor authentication, go hand in hand with carefully monitoring important accounts.
The nature of the security threats facing the Apple environment is always changing. As evidenced by this ransomware attempt, there are novel ways in which people try to exploit users for financial gain that do not involve altering the software. The best defense against such threats is a proactive attitude and mindful choices when it comes to personal digital security.