For Apple Users Without Latest Security Updates, the Letter 'd' is Not Always the Letter 'd'
(Nov 20, 2018)
Apple users who have not installed the most recent Apple updates to their devices are vulnerable to an innovative typosquatting tactic, dubbed “IDN homograph attack.” These attacks target a vulnerability in the Safari browser that makes the extended Latin Unicode “dum” (ꝱ) appear as a normal lowercase “d” in the domain. Threat actors have been observed purchasing typosquatted domains that contain the “ꝱ” knowing that Apple users with an out-of-date device will not recognise the change, and will likely fall vulnerable to this phishing attack. The risk to The attack surface is quite large as the top 10,000 domains contain the letter “d” and have the potential to be typosquatted by threat actors.
Recommendation: It is imperative to install the latest updates to your devices to prevent these sort of threats. If a user is unable to, for some reason, apply the latest update, it is heavily suggested to utilise a different browser such as Google Chrome or Mozilla Firefox, which will recognise the typosquatted domain with unusual Latin characters.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.