Written by Hazel J. Greene, Senior Analyst

In a recent revelation by a SlowMist security researcher, a new type of phishing attack targeting Apple IDs has been discovered on the Apple App Store. This alarming development has raised concerns among cryptocurrency users who rely on iCloud to back up their wallets, as their assets could be at risk if their two-factor authentication (2FA) gets compromised.

Phishing attacks continue to pose a significant threat to the cryptocurrency community, as malicious actors employ deceptive techniques to trick users into revealing sensitive information such as private keys, passwords, or seed phrases. By gaining unauthorized access to users’ wallets and funds, these attacks can lead to substantial financial losses.

According to the SlowMist security researcher, a new form of attack targeting Apple IDs has been detected on the Apple App Store. This malicious phishing program replicates normal applications and adds the attacker’s number to the trusted 2FA list, thereby gaining control over the account permissions. Cryptocurrency holders who rely on iCloud for wallet backups are particularly vulnerable to this attack.

Users have reported phishing attempts despite having 2FA in place, highlighting the existence of vulnerabilities in iOS and macOS platforms. Cybersecurity firm Kaspersky identified security flaws that allow attackers to obtain user details and root privileges. Both SlowMist and Kaspersky emphasize the importance of updating iOS and macOS devices to mitigate these risks.

Users are strongly advised to update their iOS and macOS devices to protect against potential risks. It is critical to stay proactive in maintaining the security of Apple devices, especially in light of the recent surge in crypto phishing attacks. Kaspersky’s disclosure revealed a 40% year-over-year increase in such attacks from 2022 to 2021, underscoring the heightened risk faced by cryptocurrency users.

Metamask, a leading wallet provider, had previously issued a warning about the potential phishing use of Apple iCloud backups. They cautioned users about the risk of storing seed phrases online, after an Apple user allegedly lost $650,000 worth of digital assets from their MetaMask wallet. Implementing essential security measures and setting strong passwords are crucial to safeguarding one’s funds.

The discovery of a malicious phishing program targeting Apple IDs poses a grave risk to cryptocurrency holders who rely on iCloud for wallet backups. The vulnerabilities found in iOS and macOS platforms further emphasize the urgency of updating devices to protect against potential attacks. In this era of increasing cyber threats, it is paramount for users to remain vigilant and implement robust security measures to safeguard their digital assets.

Disclaimer: The information provided in this research report is for informational purposes only and should not be interpreted as financial or investment advice. The cryptocurrency market is highly volatile, and readers should conduct thorough research before making any investment decisions.