Scams and Fraud

A Compromised .GOV URL Hosting Phishing Attacks on Apple Users

May 16, 2015

2 minute read

A couple of months ago we reported how an app store phishing email is stealing Apple user credentials. Now a government of Vietnam domain belonging to its Tam Ky City was found redirecting visitors to another compromised domain asking them to login with their Apple IDs.

The domain hosting the phishing page was anphutamky.gov.vn, redirecting users to a phishing trip towards Apple IDs. The domain link was included in an email, which appeared to be French in nature.

Here’s the email example sent to the users:

“Dear Customer,

Your Apple ID was used to log into iCloud from an unauthorized computer.

Your account is now locked, please log into your account to check your information.

Click here (compromised government domain link)

Apple Support

The link leads to anphutamky(dot)gov(dot)vn/cu/install/css/” which contained little other than code to redirect the visitor. The potential victim was sent to skintesting(dot)com(dot)au/components/com_mailto/views/sent/tmpl/auth/ which is just another compromised domain seeking Apple login credentials. The rogue pages have been taken offline.

Apple Users Hit With KYC Validation/ICloud ID Review Phishing Scam

It is a fact that a .gov website is always looked upon as a potential target for scammers therefore, it is extremely important that Admins keep everything up-to-date and patched up.

Here are the screenshots taken from both compromised sites:

apple-phishing-scam — The email comes in French language | Image via Malwarebytes

Compromised Australian domain hosting Apple ID fale login page | Image via: Malwarebytes

After doing a history check on compromised Vietnam domain, we found out that in Feburary 2015, it was hacked and defaced by an Algerian hacker going with the handle of ViRusx. So no surprise how cybercriminals were using it as bait.

A zone-h mirror of hacked domain as a proof of hack is available below:

http://www.zone-h.org/mirror/id/23663316?zh=1

As far as Apple ID owners, please always verify that you are on the right page before submitting your login credentials. Unless you have asked Apple specifically to send you a URL for let’s say password resetting or any other reason, kindly avoid clicking on random URLs.

So beware and don’t fall for such emails.

Malwarebytes

The Latest

Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering

Ensuring the Security and Efficiency of Web Applications and Systems

Integrated Residential Security Solutions to Employ in 2024

AeroNet Wireless Unveils 10Gbps Internet Plan in Puerto Rico, Revolutionising Telecom Industry

A Compromised .GOV URL Hosting Phishing Attacks on Apple Users

Here are the screenshots taken from both compromised sites:

AeroNet Wireless Unveils 10Gbps Internet Plan in Puerto Rico, Revolutionising Telecom Industry

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

Match Systems report on consequences of CBDC implementation, led by CEO Andrei Kutin

Cypago Announces New Automation Support for AI Security and Governance

A Compromised .GOV URL Hosting Phishing Attacks on Apple Users

Here are the screenshots taken from both compromised sites:

Related Posts