Unless you’ve been living under a rock this week, you’ve probably heard that quite a few celebrities have had their personal iCloud accounts hacked into, with thieves being able to retrieve compromising pictures and videos from existing cloud backups. Some hackers apparently did it just for the fun of it, while others did it for the money. Other hackers, meanwhile, might be trying to profit from the increased interest in celebrities’ nude photos by attempting to use their notoriety to engage in phishing attacks.
Security researchers from Trend Micro have already spotted such initiatives that are meant to trick the user into downloading malware on their computers.
It all starts as a message on social media, such as Twitter, that directs the user to a site promising him or her access to pictures and/or videos of, say, Jennifer Lawrence. Once there, the user is directed to download a “video converter” to view the leaked celebrity video.
Furthermore, in a different version of this attack, the users have to share the video via Facebook – thus enticing others to fall for the same malware-installing scheme – in order to view the video.
At the end of either procedure, the unsuspecting user has installed a program on his or her machine that can be used for malicious purposes, and access to the video isn’t actually given.
It’s not clear what the program does after being installed on a computer, but it certainly isn’t good. It’s also not known how many users may have been affected by these malware/phishing tactics, but Trend Micro says bout 70% of the users affected are from the U.S.
Images showing such malicious threats follow below, while Trend Micro’s detailed post is available at the source link, complete with more information about the malicious programs installed on PCs via this bait-and-switch maneuver.