Friday, 21 March 2014

EA Games website hacked; Phishing page hosted to steal Apple IDs


EA Hacked Netcraft Apple IDRecently we aware you about the tricky phishing scam targeting Google Docs and Google Drive, a similar phishing scam has been detected by the researchers targeting Apple users to steal users’ credentials.
According to the researchers at Netcraft, a UK based security services company, the hackers have compromised the web server owned by the gaming company, Electronic Arts (EA) to host a phishing site which targets Apple ID Account holders, asking for users’ Apple ID and password, along with their full name and date of birth and credit card details as well.
The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudsters,” wrote the researchers in a blog post.

The Hackers compromised the EA Games server by exploiting one of the vulnerabilities in an outdated WebCalendar application and used it as a weapon to create the fake "My Apple ID" page designed to look like the legitimate Apple login page, as shown. Once the users submit the details, they are redirected to the legitimate Apple ID website.

"In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server. The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network." researchers at Netcraft said.
In addition to host a phishing site, the EA Games attack was also used for another phishing attack that steals users' login credentials of Origin digital distribution platform, that means if a site has been online for more than a week, it has attempted to steal email addresses, passwords and security question answers as well, according to the researchers.

Using hijacked Apple ID details, hackers can gain access users' personal data stored on iCloud, including email, contacts, calendars, and photos, that could even be used to clone an iPhone or iPad by restoring an iCloud backup to a device in their possession.
Netcraft informed EA yesterday that their server has been compromised. However, the vulnerable server and the phishing content were still online at the time of publication.

We always recommend our users not to click on any link blindly and the best way to protect yourself from such attacks is by using two-step verification, which means that a code is also required with the ID and Password to access your account.

No comments:

Post a Comment

Popular Posts