What happened to OC? - CLOSED Carnage?!
Pfhunkie

Apple iOS ransomware mystery deepens - "Oleg Pliss" pops up in LA

12 posts in this topic


We still can't tell you how the "Oleg Pliss" hack works. That's the curious message that popped up on Apple iOS devices in Australia earlier this week. Victims were woken up in the early hours by a beeping phone displaying the sort of message that doesn't exactly brighten your day at 4am.


Device hacked by Oleg Pliss. For unlock device YOU NEED send voucher code by 50$...

The attack wasn't really an "infection" or an "outbreak," because it didn't seem to involve any malware or malicious activity on the device itself. Instead, it looks as though the crooks have somehow got hold of the victims' Apple ID credentials (or figured out a way into their Apple accounts without the credentials), and simply used the Find My iPhone feature in a back-to-front way.

Telling Apple's cloud servers that your phone is lost is supposed to lock it up until you get it back and can unlock it in the safety of your own loving embrace. That way, the phone is useless while any crook has it in his or her possession. But in this case, the crooks lock your phone while you still have it in your possession, and offer to sell you back access to it. It's a bit like coming back to your bicycle (you always wonder, "Will it still be there?") and gleefully noticing it hasn't been stolen. Then you find that some sleazebag has D-locked it to the lamppost and left a note saying, "Lock for sale, $100. Free key with every purchase. Call me."

Swapping one mystery for another

So far, we've only been able to speculate (with our readers' help) on how this iOS extortion was carried out. The most likely-sounding explanations (e.g. passwords re-used from another breach, or credentials acquired through phishing) are confounded by the apparently tight regional distribution of the first victims, who were almost all in Australia. For example, let's imagine that every single victim re-used their Apple password on some other site. For that to explain the Oleg Pliss attack, we now have to find a site common to all victims that:

  • Sells a service that only Aussies would buy.
  • Stores passwords insecurely so that even strong passwords can be recovered.
  • Suffered a breach that has, until now, escaped everyone's notice.

In short, we just swapped one mystery for another.

Blame it on an app

Some readers have wondered if the attack might be down to an insecure iOS app that only Aussies would use (many apps are geo-locked, especially if they give access to copyrighted content licensed for a single region, such as videos). By means of this hypothetical app, the crooks might have been able to siphon off Apple credentials. After all, a recent study of online banking apps showed that 40% of them didn't bother to validate HTTPS security certificates, meaning that a crook who could redirect your web traffic could feed you fake "secure" sites without any alarm bells ringing. And we've regularly written about insecurities in home routers that could allow crooks to take over your household's internet gateway and thereby redirect your web traffic.

The mystery deepens

Well, the mystery just got more mysterious. The first reports are in from victims who have no connection to Australia. This time, it's Southern California, with residents of the Greater Los Angeles Area being confronted by the enigmatic Oleg Pliss. We don't have any details on exactly what Angelenos are seeing when Mr Pliss comes calling. In the Australian flavour, we've seen a screenshot demanding $50 in MoneyPak vouchers (see image above) to be sent by email to one address, and read of a demand for $100 to be sent to a different address using PayPal.

Apparently, the PayPal address has never existed, so you couldn't pay over the $100 even if you wanted to.
We've not heard of anyone who tried emailing a MoneyPak voucher to the other email address (and we don't recommend trying it!), so we don't know whether anyone's collecting money via that path.

What to do

What we do know is that if you do get the dreaded message from Oleg Pliss, there's no need to panic. If your device is registered at work with some kind of corporate mobile device management product (such as Sophos Mobile Control), you may be able to unlock it independently of Apple's locking mechanism. That means you can cut out the crooks without doing a recovery reset and losing all your data. If not, then if you haven't backed up your phone, you might at worst lose all your data, but at least your phone isn't D-locked to that lamppost for ever.
Source


"You fix my mistakes is what you do." - Tucker
"You're useless." - Tucker 2 minutes later

"You're sort of cool in some ways." - Kavawuvi

 

"Fuck off." - Mint Blitz


Tiddy-bits:

Now that's scary. At least I got Avast on my Android so I'm not too worried.


Now that's scary. At least I got Avast on my Android so I'm not too worried.

Antivirus on your phone is like walking around with a condom on but not having sex: you'll still get sick if someone with the flu sneezes on you. It's even easier with your phone than your computer to avoid malware: just don't download obscure or otherwise untrustworthy apps. Phone-specific popups on websites? Don't hit OK *or* Cancel; simply hit your back button and the popup will disappear without opening Play Store links. Actual malware is extremely rare on phones; the worst I've come across are apps that will spam system notification advertisements.


Antivirus on your phone is like walking around with a condom on but not having sex: you'll still get sick if someone with the flu sneezes on you. It's even easier with your phone than your computer to avoid malware: just don't download obscure or otherwise untrustworthy apps. Phone-specific popups on websites? Don't hit OK *or* Cancel; simply hit your back button and the popup will disappear without opening Play Store links. Actual malware is extremely rare on phones; the worst I've come across are apps that will spam system notification advertisements.

 

Dunno man. I've seen a few popular games on the Market get flagged as malware by the community.


This is more assholery than anything else.

Yes, I'd say doing the cyber equivalent to mugging/kidnapping someone would be considered asshole behavior.


:huh: ?

"Kidnapping" whatever you have on your phone, hence the name "ransomware". Obviously not as serious as actual kidnapping, but it goes by the same principle: take something important from someone with the promise that, with money or some other valuable, they can have it back.