Apple ID is the target of new attack via push notifications and even calls

Some Apple device owners are facing sophisticated cyberattacks known as “MFA fatigue” (“MFA fatigue”) or “push bombing” (“push bombing”), according to cybersecurity blog information Krebs on Security.

In practice, attackers have exploited loopholes in security systems two-step authentication (2FA)sending a barrage of alerts to victims’ devices, forcing them to respond to requests to change their password or confirm their login.

The strategy is to overload devices with these requests as a way of coercing users into accidentally accepting a request, allowing criminals to access and block their accounts.

Among the victims are the entrepreneur Parth Patel and an anonymous cryptocurrency investor, identified as Chris. According to them, the avalanche of notifications on devices makes their normal use impossible.

To make matters worse, both victims say they received calls from people pretending to be Apple support, using accurate personal information to appear genuine. It is suspected that they have obtained this data illegally.

The victims tried to protect themselves by changing their passwords and even buying new devices, but the attacks persisted — suggesting that the scammers were using the phone number linked to the Maçã account to continue the harassment.

O Krebs on Security recommended activate your Apple ID recovery key (or spare key)comprised of a randomly generated 28-character code that replaces the standard account recovery process with a unique code.

However, even this measure has not proven to be a definitive solution for all users. Unwanted alerts, still in accordance with the Krebs on Securitycontinued to appear for some people.

Apple has not yet commented on the attacks or even on a possible vulnerability in its password reset system. We, of course, will continue to follow.