13-05-2025
Tim Cook's Apple iToken Ad Is A Con, X Users Warned
Threat actors have been targeting Apple users for the longest time. I recently reported how Apple passwords were being stolen in a macOS attack impersonating a Realtek driver update, while the Banshee Stealer puts 100 million Apple users in the credential-hacking crosshairs. Indeed, if you needed any proof that a hacker target is hovering over Apple users heads, the fact that macOS infostealer attacks were up 101% in the last quarter of 2024 should provide it. The latest threat takes a bit of an off-ramp from the usual password-stealing stuff though, and heads into straight-up financial fraud with a little bit of help from a faked X advertising campaign, a phoney Tim Cook endorsement, and an offer to get ahead of the crowd and preorder Apple iToken crypto.
I'll admit it, I'm an Apple fanboy and would likely be interested in most anything with an 'i' prefix to be fair. Whether that would stretch to cryptocurrency in the form of an Apple iToken is unlikely, as I'm not really a wannabe crypto bro. Unfortunately, the same cannot be said for many Apple fans, and crypto investors, for that matter. At least, that's what the threat actors behind the iToken scam are working on. They are also, it would appear, hoping that their target victim is going to be a user of X, the social media platform formerly known as Twitter and home to an active and highly vocal cryptocurrency community.
Threat analysts working at Silent Push have uncovered a financial fraud campaign that employs all of the above, plus a little bit of Tim Cook, in order to try and get victims to part with their cash.
Silent Push investigators were made aware of the campaign after spotting what appeared to be an advert on X, published May 1, that promoted an Apple iToken. The advertising URL displayed pointed to CNN for added gravitas and believability. This was, the Silent Push report said, achieved by using a 'known exploit for spoofing a URL on X/Twitter.'
The crypto presale scam exploited the premise of an official Apple iToken release being forthcoming, and even went so far as to use a fake endorsement from Apple CEO Tim Cook himself to bolster the air of trust. Anyone clicking on the advert would be redirected to the presale website where an account would need to be created and payment made from any of 22 crypto wallets to pay for the non-existent crypto token. 'We found nearly 90 sites going back to 2024,' the researchers warned, 'with almost identical financial lures, all appearing to be from the same threat actor group.'
This Apple iToken scam campaign's ability to spoof a visible X advertising URL is, the Silent Push report warned, 'a novel method for tricking potential victims, one only occasionally seen in the wild.'
I have reached out to X and Apple for a statement and will update this article if any is forthcoming. In the meantime, don't get taken in by these scammers: there is no Apple iToken, Tim Cook has not endorsed it, CNN is not buying advertising promoting it.
