Wow, got an iCloud phishing scam that is 0% on VirusTotal

MacDefender


I just got this PDF scam saying that my iCloud account was locked. The link to "reset" my password goes to an obvious phishing scam. Unfortunately, F-Secure, Chrome, and MS Edge Chromium all happily allow me to visit the site.

The URL is in the VirusTotal link and I detected no drive-by malware from visiting the site itself through a VPN. But I found it shocking that nothing on VirusTotal detected the link.

Anyone care to test more AV software?
 

upnorth

Good catch!

I tested the link on AnyRun and in Opera it didn't open at all, but in Chrome it connected to a site and page I recalled having seen somewhere before.
 

Mahesh Sudula

Please take care of your email address... It is not a good thing to receive things like this. Considering the age of the host, it might be that you are in the top 10 list to receive this.
Hope you haven't clicked or downloaded any suspicious attachments / links like that. Disasters are beyond imagination.
 

MacDefender

Mahesh Sudula said:
> Please take care of your email address... It is not a good thing to receive things like this. Considering the age of the host, it might be that you are in the top 10 list to receive this.
> Hope you haven't clicked or downloaded any suspicious attachments / links like that. Disasters are beyond imagination.

Yeah, I took a look at the header; it was delivered to one of my open source aliases -- 10 years ago I was a pretty prominent open source figure with a well-publicized email address.

And indeed, I took several precautions when analyzing this link. It was also embedded in a PDF which could've been an exploit vector in and of itself.

Just for clarity, I was aware from the beginning that this was a phishing link. I was just curious how well the various browsing protection software out there would guard against this if I pretended to be dumb and fell into the phishing trap. It was surprising to me that the only 3 products that detected it were arguably enterprise-only.
 

MacDefender

Adding Bitdefender, Malwarebytes, ESET to this list.
Wow! So at this point it's probably like over 90% of the installed base of antimalware software that doesn't see something wrong.

The site itself has typos, appears pixelated (screenshot-based) on my 4K display, and has a lot of "Apple" links that go to long suspicious URLs. I think we talked about some products (G DATA?) investing in machine learning / AI to recognize phishing, but that seems like it should be the right approach to detect stuff like this.

I think most of us, as malware enthusiasts, can take one look at the website and laugh about how it obviously looks fake. It seems like it should be possible to teach a browser plugin the same thing!
 
