Thieves who are stealing iPhones have started to use a clever step to increase their profit margins.
Criminals are sending phishing emails to theft victims wherein they pretend to be an Apple representative in order to steal the victim’s Apple ID and password. Once that’s stolen, the phone can be unlocked and sold for a much higher price.
New research from cybersecurity firm Trend Micro shows the tactic is growing in popularity to the point where it supports a growing ecosystem of crime-as-a-service businesses to support enterprising crooks.
Two popular tools in particular help turn stealing iPhones into a scaleable business. The AppleKit (sold with the Apple inspired tagline “Simple But Powerful”) is a web panel that keeps close track of victims, phished credentials and stolen devices. Developed and sold by a hacker named Mustapha Othman, the tool has its origins in Arab-language hacking forums.
AppleKit is sold for around $300.
The second popular tool is MagicApp which “automates the unlocking of iPhones and is used in conjunction with other attack vectors,” Trend Micro’s researchers wrote. Among other methods, MagicApp offers 50 customizable phishing templates in an effort to freely get the iCloud credentials that make unlocking a breeze.
All the developers can be reached on social media networks like Twitter or chat apps like Telegram. There is a wide array of happy customers publishing positive customer feedback, including screenshots of unlocked phones.
— Icloudfrance (@Icloudfrance1) November 10, 2017
For more on this phenomenon, you should check out this incredible 2016 short film that delves into the world of phone theft: