

Siri Shortcuts App Being Exploited to Deliver Scareware

Apple has had a rough time over the past month, dealing with the FaceTime vulnerability and now an exploitation of the Siri Shortcuts app. The app’s functionality has come into question after it was discovered to have a security issue. The app uses scripting to complete tasks such as uploading content and locking screens. Attackers are taking advantage of the issue, not only stealing data but also using scareware to demand a ransom. A researcher who was part of the team that discovered the vulnerability said, “Using native shortcut functionality, a script could be created to speak the ransom demands to the device’s owner by using Siri’s voice. To lend more credibility to the scheme, attackers can automate data collection from the device and have it send back the user’s current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more. This data can be displayed to the user to convince them that an attacker can make use of it unless they pay a ransom.” Custom shortcuts can also be renamed and used to trick users into clicking on them.

Analyst Notes

Until this issue is resolved by Apple, users should disable the Siri Shortcuts app. Downloading custom shortcuts should also be avoided as they could contain malicious software.