April 18, 2024 at 12:06PM
At Black Hat Asia, a Korean researcher uncovered a phishing operation leveraging second-hand shops and Apple’s pickup method for financial gain. The discovery of a payment widget led to the uncovering of over 50 online stores involved in the scam and the theft of 8,000 credit cards and 5 million pieces of personal information. The operation, known as “Poisoned Apple,” targeted residents of Korea and Japan and is believed to have originated in China.
Key takeaways:
– A Korean researcher uncovered a phishing operation, known as “Poisoned Apple,” that targeted online stores and second-hand shops.
– The researchers found evidence suggesting the operation targeted residents of Korea and Japan, but the criminals are believed to be based in China and have been active since 2009.
– The phishing operation involved using a phishing payment widget in online stores, resulting in the theft of over 8,000 credit cards and 5 million pieces of personal information.
– The operation also ran second-hand shop scams: selling discounted Apple products, using stolen credit cards for the purchases, and tricking buyers into being the designated pick-up party.
– The criminals attempted to conceal their activities using Cloudflare CDN but made a mistake that exposed their real IP address.
– The operation was unraveled in part thanks to a deep understanding of Korea’s online payment systems, which require additional authentication procedures compared with those of other countries.
– The researchers believe the criminals have left breadcrumbs suggesting ties to China, including registering a domain through a Chinese ISP and writing in simplified Chinese on the dark web.
– Further action may be taken by Apple to prevent abuse of the third-party pickup designation policy.