Internet security company Netcraft says hackers have compromised an EA Games server and are using it to phish for Apple login information.
Netcraft, an internet security firm offering anti-fraud, anti-phishing, application testing and other services, posted a report today claiming that a server used by two websites in the EA.com domain has been compromised by hackers and is now hosting a phishing site targeting Apple accounts. The site normally hosts a calendar based on an old version of WebCalender which is known to contain several security holes, which is likely how the hackers were able to get in.
“The phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother’s maiden name, plus other details that would be useful to a fraudster,” the Netcraft website states. “After submitting these details, the victim is redirected to the legitimate Apple ID website.”
Netcraft said “internet-visible servers” like this are often used as stepping stones to get at internal servers not visible to the net that typically contain more valuable information, although it added that there’s no evidence to suggest this has happened. It also noted that “the mere presence of old software” can lead hackers to push deeper into an internal network in search of other soft spots and points of access.
“In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server,” it explained.
Netcraft said it informed EA of the breach yesterday [March 18] but at the time of its report, the vulnerable server and the phishing software both remained online.