EST Security has warned users to be cautious following the discovery of a body-cam phishing scam that targets iPhone users as well as Android smartphone users in Korea.
In this type of fraud, a criminal organization pretending to be a female user seduces a man through a smartphone, invites him to a naked video chat, then threatens to send the video to his friends and demands money. The criminal organization finds victims through random chat apps that match strangers for conversation.
The criminals then use KakaoTalk, Skype, or another app that supports mobile video calling to invite the victim to a naked video chat, which they record. During the call, they induce the victim to install another app under a pretext such as a sound error. The malicious code in this app steals the address book stored on the smartphone, and the criminals threaten to send the video to the victim's actual acquaintances.
Android smartphones have been a major target because apps that are not registered in the official market can be installed by downloading APK files via links. The iPhone, however, was known to be safe from these threats because unregistered apps cannot be installed.
However, according to the EST Security Response Center, the newly discovered variant, which targets both platforms, seizes the account information of iPhone users through a different method than the existing one. The scheme lures victims to a number of phishing sites using keywords associated with ‘adult dating’, and presents separate Android and iOS download buttons so that it appears an app is available for the user's own smartphone environment.
If the victim clicks the Android button on this screen, the malicious app is installed as before. When the iOS button is clicked, however, a phishing page that looks the same as Apple’s iTunes appears and asks for iTunes account information. If the user enters the account information without suspicion, the criminals obtain the user’s account and password. This is the same method used in phishing against financial sites.
They can later steal the contact information synced to iCloud and use it to threaten the victim that they will send the recorded video to those contacts.
“The iOS operating system has been known to be relatively safe from smishing, phishing, and ransomware, but it is hard to completely prevent security threats,” said Joe Sung Kim, vice president of EST Security. “You should be careful not to enter your account information on an unclear site, and you must follow security guidelines, such as installing apps only through the official App Store.”