Crypto Phishing 2FA Exploit on Apple Devices Hunts Wallet Info
There is a new kind of crypto phishing attack related to 2FA on Apple devices, according to a SlowMist security researcher. Once attacked, the perpetrator could gain access to wallet info on iCloud.
A SlowMist security researcher posted information about a new kind of attack concerning crypto holders on Apple devices. The researcher said that a malicious phishing program was on the Apple App Store.
SlowMist Exec Talks About Crypto Phishing on Apple Devices
The executive stated that this was the latest kind of attack on Apple IDs, with the malicious phishing program stealing users’ accounts and passwords. It does so by imitating normal applications. The attacker then “adds their own number to the trusted number of two-factor authentication to control account permissions.”
This is especially important for cryptocurrency users because oftentimes, they will back up their wallets on iCloud. If attacked, they stand the chance to lose assets if their 2FA is compromised.
Others in online forums have also talked about how they are being phished despite 2FA. It’s clear that this is a new kind of phishing attack, which has become popular as a means to steal funds.
Cybersecurity company Kaspersky had also discovered that there were vulnerabilities in the iOS and macOS platforms, which could result in the loss of crypto assets. Specifically, the security flaws would allow attackers to gain access to user details and root privileges.
SlowMist later confirmed that these vulnerabilities were present in both operating systems. Both SlowMist and Kaspersky asked users to update their iOS and macOS devices.
The warning comes not long after Kaspersky revealed that crypto phishing attacks increased by 40% year-over-year between 2022 and 2021.
Furthermore, in addition to SlowMist’s crypto phishing warning, MetaMask also pointed out the vulnerabilities in iCloud backups in the past.
The wallet provider warned Apple users in April 2023 that automatic iCloud backups of their MetaMask wallet data would have their seed phrases stored online.
The warning told users who had not changed their default device settings that they would be subject to potentially losing their funds if they didn’t take necessary security precautions.
Such precautions include setting a strong password. One NFT collector experienced this very kind of attack, losing about $650,000 worth of NFTs in April.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.
