Thousand of messages being sent to China in iCloud hack

26 October 2016 | James Pearce


Irish network security firm AdaptiveMobile has found that thousands of iCloud user accounts are being hijacked to send spam to China.

Hackers are using compromised Apple accounts in North America to send SMS spam from iPhones, with more than 11,500 phone numbers affected.

According to Adaptive’s data, the impacted phones have sent more than 750,000 spam SMS messages to China in the last four months. There has also been a rise in the number of devices being affected each day.

Adaptive claims the attackers use the iPhone’s associated with the hacked iCloud account to send a large number of iMessage spam to Chinese phone users. Due to a feature built in to the phone, it can send an SMS message when no data connection is available, leaving the victim vulnerable to international SMS charges.

“It is probable that attackers access people’s iCloud accounts through known forms of social engineering,” said Cathal McDaid, chief intelligence officer at AdaptiveMobile. 

“What concerns us is the fact that people whose accounts have been compromised could potentially be billed hundreds or thousands of dollars after the attack has taken place. Apple users who notice large number of messages being sent to China from their iPhone should change their password and contact Apple for further assistance.”