by April 7th. As Motherboard reports, the hackers – who are calling themselves the “Turkish Crime Family” – are demanding Apple pay a ransom of $75,000 (in either the Bitcoin or Ethereum cryptocurrencies), or hand over $100,000 worth of iTunes gift cards. Motherboard’s Joseph Cox reports that one of the hackers shared screenshots of emails that had allegedly been exchanged with Apple, including one where a member of Apple’s security team asked if the group would be willing to share a sample of the stolen data. If the emails shared by the hackers are legitimate, then it appears that Apple’s security team also requested the removal of a YouTube video showing an unnamed member of the gang using stolen credentials to access an elderly woman’s iCloud account and view photos that had previously been backed up online. The alleged emails from Apple go on to underline that the technology firm will “not reward cyber criminals for breaking the law”. What we don’t know is whether the email exchanges between the hackers and Apple are real or faked, and – indeed – whether the so-called “Turkish Crime Gang” really has access to a large number of Apple users’ credentials. Other than the video of the elderly woman’s iCloud account being broken into, there has been no evidence shared with the media to suggest that the hackers’ claims of having gained access to a large database of Apple usernames and passwords are legitimate. However, if it’s true that the hackers are trying to engage with the media to increase their chances of a substantial payout, then that would be in line with an increasingly common technique deployed by extortionists.
For instance, we have discussed before how an individual hacker or hacking group known as The Dark Overlord has targeted investment banks – stealing internal documents and bringing them to the public’s attention in an attempt to extort more money. In another extortion attempt, The Dark Overlord stole hundreds of gigabytes of files from the Gorilla Glue adhesive company, and attempted to increase their chances of crowbarring more money out of corporate victims by sharing details with security industry media. For the record, when The Dark Overlord contacted me to help them blackmail companies, I declined. I believe that companies should do everything in their power to protect their customers and prevent criminals from profiting from extortion. We simply don’t know the truth of the Turkish Crime Family’s claims, and whether Apple users are at risk. But I do hope that the media stories will help remind Apple users of the importance of using a strong, unique password to secure their account and enable two-factor authentication to make their accounts harder to break into.
A "panic button" distributed by the Colombian government to high-risk activists and journalists has a number of security flaws, at least one of which is by design, a security firm reported. Rapid7 investigated the Eview EV-07S GPS tracker at the behest of The Associated Press. The site lists main applications of the EV-07S as elderly care, disabled and patient care, child protection, employee management, and pet and animal tracking. "I wouldn't be worried about giving this to my grandma. But I would be more concerned giving it to anyone who might be at risk," said Deral Heiland, internet of things research lead at Rapid7. The group found another six vulnerabilities not listed in the manual. Those include a web portal for the device that allows anyone (even people without passwords) to access GPS coordinates of any device. Anyone who logs into an account on the site has access to other information from all accounts, including phone numbers and device configurations. The device also transmits data in "clear," unencrypted text, allowing anyone to tamper with or alter information in transit. Rapid7 spoke with the manufacturer in December to relay its findings. Eview has not informed Rapid7 of any intention to repair the security flaws. "We thought we had a responsibility to alert users that these vulnerabilities exist," said Heiland.
Google said it has disabled offending accounts involved in a widespread spree of phishing emails today impersonating Google Docs. The emails, at the outset, targeted journalists primarily and attempted to trick victims into granting the malicious application permission to access the user’s Google account. It’s unknown how many accounts were compromised, or whether other applications are also involved. Google advises caution in clicking on links in emails sharing Google Docs. The messages purport to be from a contact, including contacts known to the victim, wanting to share a Google Doc file. Once the “Open in Docs” button is clicked, the victim is redirected to Google’s OAUTH2 service and the user is prompted to allow the attacker’s malicious application, called “Google Docs,” to access their Google account and related services, including contacts, Gmail, Docs and more. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a Google spokesperson told Threatpost. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.” OAUTH is an authentication standard that allows a user to authorize third party applications access to an account. The attempt to steal OAUTH tokens is a departure from traditional phishing attacks that target passwords primarily. Once the attacker has access to the victim’s account, the phishing message is sent along to the compromised contact list. While this attack is likely the work of a spammer, nation-state attackers including APT28, aka Fancy Bear or Sofacy, have made use of this tactic.
APT28 has been linked to last summer’s attacks attempting to influence the U.S. presidential elections. The group has long been targeting political entities, including NATO, and uses phishing emails, backdoors and data-stealing malware to conduct espionage campaigns against its targets. “I don’t believe they are behind this though because this is way too widespread,” said Jaime Blasco, chief scientist at AlienVault. “Many people and organizations have received similar attempts, so this is probably something massive and less targeted.”
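The consent-phishing pattern described above (a third-party application named "Google Docs" asking for Gmail and contacts access, granted by many users at once) can be hunted for in OAuth grant records. The following is an added example, not code from the article or from Google; the event field names, client IDs and protected-name list are assumptions, and the sample events are constructed.

```python
import unicodedata
from collections import defaultdict

# Assumptions: names treated as first-party brands, and vetted client IDs.
PROTECTED_NAMES = {"googledocs", "googledrive", "gmail"}
TRUSTED_CLIENT_IDS = {"trusted-client-0001"}  # placeholder value
MAIL = "https://mail.google.com/"
CONTACTS = "https://www.googleapis.com/auth/contacts"
DRIVE = "https://www.googleapis.com/auth/drive"
# Scopes covering the data the article lists: Gmail, contacts, Docs.
SENSITIVE_SCOPES = {MAIL, CONTACTS, DRIVE}

def normalize(name):
    """Fold case, width and spacing so lookalike spellings compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def flag_grants(events, burst_threshold=3):
    """Return {client_id: finding} for grants that look like consent phishing."""
    by_client = defaultdict(list)
    for ev in events:
        if ev["client_id"] not in TRUSTED_CLIENT_IDS:
            by_client[ev["client_id"]].append(ev)
    findings = {}
    for client_id, evs in by_client.items():
        reasons = set()
        if any(normalize(e["app_name"]) in PROTECTED_NAMES for e in evs):
            reasons.add("impersonates-first-party-name")
        if any(SENSITIVE_SCOPES & set(e["scopes"]) for e in evs):
            reasons.add("sensitive-scopes")
        users = sorted({e["user"] for e in evs})
        if len(users) >= burst_threshold:
            reasons.add("grant-burst")
        # A borrowed brand name plus mailbox/contact access is the core signal.
        if {"impersonates-first-party-name", "sensitive-scopes"} <= reasons:
            findings[client_id] = {"reasons": sorted(reasons), "revoke_for": users}
    return findings

def grant(user, client_id, app_name, *scopes):
    return {"user": user, "client_id": client_id,
            "app_name": app_name, "scopes": list(scopes)}

# Constructed sample events (hypothetical schema, not real audit-log output).
SAMPLE = [
    grant("a@example.org", "unknown-client-9999", "Google Docs", MAIL, CONTACTS),
    grant("b@example.org", "unknown-client-9999", "Google Docs", MAIL, CONTACTS),
    grant("c@example.org", "unknown-client-9999", "Google  Docs", MAIL, CONTACTS),
    grant("a@example.org", "trusted-client-0001", "Google Docs", MAIL),
    grant("b@example.org", "mail-client-0002", "Inbox Helper", MAIL),
]
```

Because a stolen OAuth token survives a password change, the `revoke_for` list identifies the accounts whose grant for that client ID has to be revoked.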
The Russian antivirus maker says the leaked source code appears to be a high-quality product and the security firm is positive this will attract the attention of many cyber-criminals looking for a base to develop and deploy their own mobile malware. Android banking trojans are usually sold for thousands of dollars, or rented for similar high fees. The easy availability of this trojan might lead to a surge in banking trojans targeting Android devices, Dr.Web researchers warn. According to the company, the leaked source code has already been taken, tweaked and twisted into a new banking trojan named Android.BankBot, currently seen in live infections. The BankBot version detected in the wild appears to target only users of Russian banks. According to Dr.Web, the trojan will lie in hiding until the user opens mobile banking apps or social media apps. When this happens, the trojan shows fake login overlays, asking the user to reauthenticate or re-enter his payment card details, where appropriate. BankBot can phish for credentials using overlays for apps such as Facebook, Viber, YouTube, WhatsApp, Uber, Snapchat, WeChat, imo, Instagram, Twitter, and the Google Play Store. This data is collected and sent back to online servers, where the crook can access it via a neatly arranged backend. Once the BankBot author has access to user information, he can initiate banking transactions, or sell the user's social media credentials online. When siphoning money out of a victim's bank account, BankBot will also intercept and silently delete incoming SMS messages, meaning the bank's transaction notification never reaches the user.
Other BankBot features include the ability to send SMS messages and USSD requests, steal the user's contacts list, track the user via GPS coordinates, and request additional permissions via popups for the latest Android OS versions, where the permissions system is more layered and interactive than in previous releases.