SlowMist Security Researcher Reveals Crypto Phishing Attack Exploiting Apple Device 2FA
A recent revelation by a SlowMist security researcher has highlighted a new type of attack aimed at cryptocurrency holders using Apple devices. The researcher disclosed that a malicious phishing program has been detected on the Apple App Store which he described as the newest form of attack targeting Apple IDs.
Cryptocurrency users have been warned to be particularly cautious as many of them rely on iCloud to back up their wallets. This is because, in the event of an attack, their assets could be at risk of loss if their 2FA gets compromised.
The malicious phishing program is able to do this by replicating normal applications. And subsequently, the attacker adds their own number to the trusted two-factor authentication list, thereby gaining control over the account permissions.
Phishing stands as a significant threat among numerous crypto scams, posing a considerable danger to the entire cryptocurrency community. In phishing attacks, malicious actors employ deceptive techniques to trick users into revealing sensitive information, such as private keys, passwords, or seed phrases, with the aim of gaining unauthorized access to their cryptocurrency wallets and funds
Vulnerabilities Found In iOS And MacOS Platforms
Online forum users have also reported experiencing phishing attempts despite having 2FA in place. Additionally, cybersecurity firm Kaspersky identified vulnerabilities in the iOS and macOS platforms, posing a risk of crypto asset loss.
These security flaws enable attackers to obtain user details and root privileges, which SlowMist later verified that the identified vulnerabilities were present in both operating systems.
Both SlowMist and Kaspersky have now urged users to update their iOS and macOS devices to safeguard against these potential risks. This warning is coming shortly after Kaspersky’s disclosure that crypto phishing attacks surged by 40% year-over-year from 2022 to 2021, indicating a higher risk of being compromised for crypto users.
MetaMask Issued Prior Warning On Crypto Phishing Scams
SlowMist and Kaspersky are not the only ones that have issued warnings about phishing scams as MetaMask issued a prior warning about the potential use of Apple iCloud backups as a phishing tool. This cautionary message followed a reported incident where an Apple user allegedly lost $650,000 worth of digital assets from their MetaMask wallet.
In April 2023, the wallet provider alerted Apple users about the risk associated with automatic iCloud backups of their MetaMask wallet data, specifically highlighting that it could lead to their seed phrases being stored online.
To access the wallet, one requires a ‘seed phrase,’ which essentially functions as the password and one of the essential precautions is setting a strong and secure password.
Metamask’s warning notified users who hadn’t modified their default device settings that they might risk losing their funds if they failed to implement essential security measures.
The total crypto market cap was at $1.13 trillion on the one-day chart | Source: TradingView