DALLAS and DUBLIN – 26 October 2016 – AdaptiveMobile, the world leader in mobile network security, is reporting continued spam being sent from North American iCloud users’ accounts, resulting in these accounts being used to send hundreds of thousands of spam SMS messages to China. The Company is also reporting a broadening of attacks, with the initial messages offering counterfeit luxury goods now expanding to promote gambling sites.
AdaptiveMobile issued a report in September showing how attackers were using compromised North American iCloud accounts to send SMS spam from iPhones attached to the accounts. Today the Company issued new data showing that the number of affected iPhones has risen to more than 11,500 phone numbers since measuring began; these affected iPhones have sent more than 750,000 SMS messages in the last four months. The data shows that there has been a rise in both the number of devices per day affected, as well as spam sent, signifying an ongoing campaign to obtain and use compromised iCloud accounts.
Once attackers have access to the iCloud account, the iPhone associated with that account becomes vulnerable to being used to send large amounts of iMessage spam to Chinese iPhone users. Due to Apple’s “Send as SMS” feature, if the spam recipient in China is not available to receive an iMessage, then the iPhone sender will automatically send the iMessage as a SMS instead. This means that in addition to running the risk of having their phone’s activity limited due to the large amount of spam being sent, victims run the risk of incurring charges to their accounts for all the SMS spam they send to China without their knowledge
“It is probable that attackers access people’s iCloud accounts through known forms of social engineering,” said Cathal Mc Daid, Chief Intelligence Officer at AdaptiveMobile. “What concerns us is the fact that people whose accounts have been compromised could potentially be billed hundreds or thousands of dollars after the attack has taken place. Apple users who notice large number of messages being sent to China from their iPhone should change their password and contact Apple for further assistance.”
AdaptiveMobile encourages any iCloud user who thinks they may have been affected to check their accounts by first logging in and unlinking any devices you don’t recognize. Users should then immediately change their passwords and set up two-step verification.
AdaptiveMobile is the world leader in mobile network security protecting over 1.5 billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive security products available on the market today. AdaptiveMobile’s sophisticated, revenue-generating security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.
AdaptiveMobile was founded in 2004 and boasts some of the world’s largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The Company is headquartered in Dublin with offices in North America, Europe, South Africa, Middle East and Asia Pacific.