A fraudster calling himself Oleg Pliss is targeting Apple iPhones and iPads with an attack that prevents the user from unlocking the phone and displaying a message of where to send $100 to have the device unlocked. Details about the exploit are still being investigated, but it seems to be targeting devices via compromised iCloud accounts.
Ransomware is a type of malware that attempts to take a device hostage and requires payment to give control of the device back to the user, although sending payment does not guarantee the malware will relinquish control. While this type of malware has targeted computers for several years and has also targeted Android mobile devices, this is the first reported incidence affecting iOS devices. These attacks were originally concentrated in Australia but have since spread to the U.S. and elsewhere.
Although the specifics of how the malware works are still being analyzed, it seems that Apple IDs and passwords that have been compromised via iCloud are being remotely locked using Apple’s Find My iPhone service. Infected devices begin making the siren noise that helps users find their lost or stolen iPhones and iPads and display the following message:
“Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:firstname.lastname@example.org for unlock.”
Apple iOS users victimized by the attack have claimed that they accessed iCloud and could see that lost mode was enabled for their device, but they were unable to disable this and regain control of their device. Some device owners were able to restore the device to factory settings and regain control, but effectively wiped the devices memory clean.
Apple has not yet officially commented on the matter, and it may not be a direct compromise with Apple or iCloud. One victim of this attack admitted that their iCloud password was the same one they used for their eBay account, which may have been compromised in a recent data breach.
For more information: