Vigilant, Dangerous Phishing Attack Detected It Can Steal Apple Password ID!

Cyber News - Felix Krause, iOS developer and founder Fastlane.Tools demonstrate phishing attacks that are hard to detect and explains how malicious iOS apps can steal Apple ID passwords to gain access to iCloud accounts and data.

According to a blog post published on Tuesday by Krause, an iOS app can use "UIAlertController" to display a fake dialogue box to users, mimicking the look and feel of Apple's official system dialogue.
Therefore, this makes it easier for attackers to convince users to provide Apple ID passwords without suspicion.

Although there is no evidence of malicious attackers exploiting this phishing trick, Krause says that "it's easy to mimic system dialogue," which allows any malicious application to abuse this behaviour.
For security reasons, the developer has decided not to include the actual popup source code when demonstrating the attack.

Here's How To Prevent Phishing Attacks Like This

To protect yourself from these clever phishing attacks, Krause suggests users press the "Home" button as they display the suspicious box.

If pressing the Home button closes both applications, which appears, and the dialogue box is missing, then it is a phishing attack.

If dialogues and apps still exist, then it is an official system dialogue by Apple.
"The reason is that system dialogues run on different processes, and not as part of any iOS app," the developer explained.

Krause also advises users not to insert credentials into any popups and manually open the app settings and then enter the credentials there, just as users do not click on links received via email and log in to legitimate websites manually.

Most importantly, always use 2-factor authentication, even if the attacker gets password access, they still need to struggle to bypass authentication.