Cybersecurity is once again under threat from relatively simple yet effective attack methods. Experts have uncovered a large-scale campaign by hired hackers who gained access to iCloud backups using fake login pages visually indistinguishable from Apple's genuine services.
The investigation revealed that attacks were carried out over several years, targeting journalists, activists, and officials in various regions worldwide. The operation is believed to be linked to a "hackers-for-hire" group associated with an Indian company specializing in digital surveillance. In total, experts identified around 1,500 fake websites mimicking iCloud, FaceTime, and Apple sign-in pages.
The attack method was surprisingly straightforward: attackers redirected victims to counterfeit login pages where users entered their Apple IDs and passwords themselves. This gave hackers full access to iCloud data, including photos, messages, and contacts.
Similar schemes were also deployed against Android devices. There, malicious software called ProSpy was disguised as popular applications. Once installed, the program could monitor communications, activate microphones and cameras, and collect location data.
Experts emphasize that the main vulnerability in such attacks is human error. Even the most advanced security systems cannot help if users enter their credentials on fake websites. To reduce risks, they recommend enabling two-factor authentication and avoiding suspicious links from emails and messages.