This year’s Black Hat Asia hacking conference showcased a new kind of fraud: a well-prepared and intricate “Someone else will pick it up” caper that combined stolen credit cards with the Apple Store Online’s built-in option to let a third party collect a purchase.
The scheme ran for over two years and caused almost $500,000 in losses. Researchers Gyuyeon Kim and Hyunho Cho of the South Korean Financial Security Institute discovered it while examining an attack on a legitimate website. They quickly realized a massive data breach had occurred, with over 50 websites affected.
More About Apple Store Exploitation
However, the malefactors had more than simple data theft in mind. The cybercriminals did not just steal credit card and personal information; they also had their servers receive the data directly from payments that victims made through the phishing page, which posed as a legitimate checkout and used multiple evasion techniques to avoid protective controls. Even so, stealing credit card details was only one part of their strategy.
The “Pickup Contact” feature of the Apple Store Online was the key to monetizing the operation, and financial gain was its main motivation. Kim explained the process in detail. First, new Apple products were listed at a discount on multiple second-hand online marketplaces in South Korea.
Once a deal was struck with a buyer, the stolen credit card numbers were used to purchase the product from the Apple Store. After ordering, the item was set to the “Someone else will pick it up” option on Apple’s website, and the cybercriminals designated a pickup person who could collect the product at an Apple retail store with a QR code and a government ID. The final step fell to the buyer from the second-hand marketplace, who collected the device unaware that it had been purchased fraudulently.
Dubbed “PoisonedApple” by Kim and Cho, the scheme is estimated to have generated $400,000 in illicit gains over two years, primarily in South Korea and Japan. The researchers suspect the culprits are based in China, as indicated by the registration of the phishing pages through a Chinese ISP and by mentions of the scheme in simplified Chinese on dark web forums.