An underground market is supplying criminals with techniques to unlock stolen iPhones and launch phishing attacks against victims' contacts. The ecosystem targets bank accounts and sensitive data.
Thieves now have access to tools and methods that bypass iPhone security, enabling them to access device contents and impersonate owners through their contact lists.
Once unlocked, criminals send phishing messages to the victim's contacts, posing as the device owner to trick recipients into revealing banking credentials and personal information. This two-stage attack multiplies the damage beyond the initial theft.
The criminal ecosystem operates through forums and marketplaces where specialized services are traded. Some vendors offer device unlocking expertise, while others provide phishing templates or buyer lists compiled from previous victims.
Apple's security features have made this process more difficult than in previous years, but determined attackers continue finding workarounds. The vulnerability highlights the danger posed by physical device theft in today's interconnected digital environment.
Security experts recommend enabling two-factor authentication, marking devices as lost in iCloud immediately after theft, and warning contacts about potential phishing attempts.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.