I wrote about a phishing-as-a-service (PhaaS) earlier this week – Threat actors target MFA – here is another one that is active on both iPhones and Android phones.
New Darcula phishing service targets iPhone users via iMessage (bleepingcomputer.com)
One of the main cyber security issues with PhaaS is that relatively low skilled threat actors can get in on the illicit profit train making these attacks much more widespread than those that require high technical skill. Threat gangs operating these malicious services will even take care of collecting the stolen money for a percentage!
This attack is not distributed though SMS texts but exploit Google Messages and Apple iMessage Rich Communication Services (RCS) protocols. But at the end of the day this attack is aimed at stealing credentials from the phone users.
Your takeaway
Do not get complacent because you use a “secure” Apple device and make sure your team know as well.
Clive Catton MSc (Cyber Security) – by-line and other articles