Numerous phishing campaigns uncovered targeting Apple users in UK and China
Phishing campaigns use fake Apple domains designed to lure victims into providing their Apple IDs and passwords Getty Images

Apple users have become prime targets of several phishing campaigns in 2016. Security researchers have discovered that since the start of the year, assorted phishing attacks have emerged targeting iCloud users in the UK and China.

US cybersecurity firm FireEye analysed two separate phishing attacks, one of which targeted Apple users in China and was first identified in March. The other was found to target UK Apple users and was first uncovered in January. FireEye reported that the phishing campaigns use fake Apple domains designed to lure victims into providing their Apple IDs and passwords, which can then be used by hackers to gain control of victims' devices and "make purchases via the Apple Store".

FireEye said in its report: "Since January 2016 we have observed several phishing campaigns targeting the Apple IDs and passwords of Apple users." The firm added that the specific phishing attacks were "unique" in that unlike other such cyberattacks, "they are serving the same malicious phishing content from different domains to target Apple users".

One of the phishing kits targeting Chinese Apple users, dubbed Zycode, was found to have been mirroring over 30 Apple domains. The kit would be presented to users as an Apple ID login page, specifically designed to dupe users into providing the details of their Apple IDs. "Since January 2016 to the time of writing, the [malicious domain detection] system marked around 240 unique domains that have something to do with Apple ID, iCloud, or iTunes. From these 240 domains, we identified 154 unique email registrants with 64 unique emails pointing to, 36 unique Gmail email accounts, and 18 unique email addresses each belonging to and, and a couple more registered with," said FireEye.

FireEye added: "The majority of these domains were registered by individuals having email addresses pointing to Chinese services – registrant email, contact and address information points to China. Additionally, the domains were serving phony Apple webpages in Chinese, indicating that they were targeting Chinese users."

The company's email attacks research arm found a similar yet separate phishing campaign targeting UK Apple users. Researchers uncovered 86 fake Apple domains since January, all of which also distributed the same phishing content. In this case, users were directed to a site posing as Apple's official website, which distributed a sophisticated JavaScript onto the victims' browser, which in turn auto-generated an HTML phishing code in efforts to avoid detection from security software. Users are prompted to provide their Apple ID login details by informing them that their account has been locked. When attempting to unlock it, users are asked to provide additional information like name, date of birth, addresses, phone numbers, security questions and credit card details. Once all the information has been submitted, users are redirected back to Apple's authentic website.

"While filling out this form, we observed that the country part of the address drop-down menu only allowed address options from England, Scotland, and Wales, suggesting that this attack is targeting these regions only," FireEye noted.

Given the recent rise in such scams, Apple issued a warning earlier in the year to its users informing them of such phishing attacks and advising them to remain cautious of websites requesting Apple ID details and to refrain from providing "Apple account information on any non-Apple website".