Wow, got an iCloud phishing scam that is 0% on VirusTotal

M

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
784

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

I just got this PDF scam saying that my iCloud account was locked. The link to "reset" my password goes to an obvious phishing scam. Unfortunately, F-Secure, Chrome, and MS Edge Chromium all happily allow me to visit the site.

The URL is in the VirusTotal link and I detected no drive-by malware from visiting the site itself through a VPN. But I found it shocking that nothing on VirusTotal detected the link.

Anyone care to test more AV software?
 
  • Like
Reactions: DJ Panda, Protomartyr, Oten and 6 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Good catch!

I tested the link on AnyRun and in Opera it didn't open at all, but in Chrome it connected to a site and page I recalled seen somewhere before.
session-timed-out.jpg
malwaretips.com

Widespread Apple ID Phishing Attack Pretends to be App Store Receipts

A widespread and sneaky phishing campaign is underway that pretends to be a purchase confirmation from the Apple App store. These emails contain a PDF attachment that pretends to be a receipt for an app that was purchased by your account for $30 USD and tells you to click a link if the...
malwaretips.com malwaretips.com
 
  • Like
  • Applause
Reactions: RXZ6Q, Solarquest, Protomartyr and 5 others
Mahesh Sudula

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
825
Pls take care of your email address..it is not a good thing to receive things like this..considering the age of the host ..might be you are in top 10 list to receive this.
Hope u haven't clicked or downloaded any suspicious attachment / links like that. Disasters are beyond imagination.
 
  • Like
Reactions: Solarquest, Protomartyr, stefanos and 4 others
M

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
784
Mahesh Sudula said:
Pls take care of your email address..it is not a good thing to receive things like this..considering the age of the host ..might be you are in top 10 list to receive this.
Hope u haven't clicked or downloaded any suspicious attachment / links like that. Disasters are beyond imagination.
Click to expand...

Yeah I took a look at the header, it was delivered to one of my open source aliases -- 10 years ago I was a pretty prominent open source figure with a well publicized email address.

And indeed, I took several precautions when analyzing this link. It was also embedded in a PDF which could've been an exploit vector in and of itself.

CyberTech said:
Please read How to Easily Spot and Avoid Apple ID Phishing Scams be careful next time...
Click to expand...
Just for clarity, I was aware from the beginning that this was a phishing link. I was just curious how well the various browsing protection software out there would guard against this if I pretended to be dumb and fall into the phishing trap. It was surprising to me that the only 3 products that detected it were arguably enterprise-only.
 
  • Like
Reactions: Solarquest, Azure, Protomartyr and 4 others
M

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
784
SeriousHoax said:
Adding Bitdefender, Malwarebytes, ESET to this list.
Click to expand...
Wow! So at this point it's probably like over 90% of the installed base of antimalware software that don't see something wrong.

The site itself has typos, appears pixelated (screen shots based) on my 4K display, and has a lot of "Apple" links that go to long suspicious URLs. I think we talked about some products (G DATA?) investing in machine learning / AI to recognize phishing, but that seems like it should be the right approach to detect stuff like this.

I think most of us as malware enthusiasts, we can take one look at the website and laugh about how it obviously looks fake. It seems like it should be possible to teach a browser plugin the same thing!
 
  • Like
Reactions: Protomartyr, SeriousHoax, stefanos and 1 other person

Similar threads

ShenguiTurmi
    • Like
    • Thanks
Advice Request Engines on VirusTotal, worse version?
Replies
8
Views
1,132
General Security Discussions
Bot
Bot
Gandalf_The_Grey
    • Like
    • Thanks
New Update Virus scanning service VirusTotal releases VT4Browsers extension for Chrome and Firefox
Replies
1
Views
1,305
Web Extensions
ForgottenSeer 69673
F
D
    • Like
Night Sky is the latest ransomware targeting corporate networks (BleepingComputer)
Replies
0
Views
656
News Archive
Der.Reisende
D

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top