The launch of iPhone is being exploited by cyber-crooks for financial gain. PandaLabs has uncovered a tool that controls a botnet made up of over 7,500 zombie computers infected by the Aifone.A bot Trojan. If the user of an infected PC tries to buy an iPhone online, their confidential data might end up in the hands of cyber-criminals.
The tool uncovered by PandaLabs has a series of features that allow cyber-crooks to take users of infected computers to a false page that appears to be the iPhone official page. As a result, if the user tries to buy the phone from the spoof page, they will actually be giving their bank details to cyber-criminals.
One of the tabs in the tool, called “REDIRECTS ADMIN”, allows criminals to specify the web pages that the bot must redirect and where they must be redirected to. In this case, the tool sends users that want to visit the iPhone official pages to a false web page.
Another tab, “SEARCH REDIR”, is used to specify the results that the Trojan must display when the infected user performs an Internet search and where they should be redirected to when they click any of the links. Obviously, this will be the false page.
In section “INJECTS ADMIN” it is possible to indicate the links that the Aifone.A Trojan must modify. As a consequence, if the user visits a web page that contains a link to a page dealing with iPhone, they will also be redirected to the false page.
Other tabs, “POPUPS ADMIN” and “BANNERS ADMIN”, allow cyber-crooks to display pop-ups and banners with advertising about iPhone on the infected computer. This aims at enticing users to visit the spoofed web page and buy the phone from it.
“This is one of the most sophisticated attacks we have seen targeting a user community, in this case iPhone users. It is a really complex, dangerous attack that combines elements of malware (the Trojan), phishing (the spoofed web page) and even adware (pop-ups, modification of search results, etc.)”, explains Luis Corrons, Technical Director of PandaLabs.
The real danger behind this attack is the fact that, in the same way that it is now being used to affect users that want to buy an iPhone, it could be slightly modified and used to affect users interested in any other product, or even several groups of users simultaneously, which would increase the cyber-criminals’ chances of success.