Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Cobalt Strike Phishing email

I was recently contacted by someone via email saying they had installed a Cobalt Strike Beacon on my devices and is threatening to release a bunch of information to my email contacts. I have done an Etrecheck scan and cannot interpret anything of importance. Is this a possibility with the security that Apple provides for their OSs? Thanks!

MacBook Pro 13″, macOS 12.2

Posted on Mar 13, 2022 5:16 PM

Reply
Question marked as Top-ranking reply

Posted on Mar 13, 2022 8:00 PM

MediOgre wrote:

I was recently contacted by someone via email saying they had installed a Cobalt Strike Beacon on my devices and is threatening to release a bunch of information to my email contacts. I have done an Etrecheck scan and cannot interpret anything of importance. Is this a possibility with the security that Apple provides for their OSs? Thanks!


Worth reading these links...



Recognize and avoid phishing messages, phony support calls, and other scams

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support



Effective defenses against malware and other threats - Apple ...

Effective defenses against malware and ot… - Apple Community



I googled "Cobalt Strike Phishing email" and this was from the first link that popped up:


"Spear Phishing
Now that you have an understanding of client-side attacks, let’s talk about how to get the attack to the user. The most common way into an organization’s network is through spear phishing. Cobalt Strike's spear phishing tool allows you to send pixel perfect spear phishing messages using an arbitrary message as a template."



6 replies
Question marked as Top-ranking reply

Mar 13, 2022 8:00 PM in response to MediOgre

MediOgre wrote:

I was recently contacted by someone via email saying they had installed a Cobalt Strike Beacon on my devices and is threatening to release a bunch of information to my email contacts. I have done an Etrecheck scan and cannot interpret anything of importance. Is this a possibility with the security that Apple provides for their OSs? Thanks!


Worth reading these links...



Recognize and avoid phishing messages, phony support calls, and other scams

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support



Effective defenses against malware and other threats - Apple ...

Effective defenses against malware and ot… - Apple Community



I googled "Cobalt Strike Phishing email" and this was from the first link that popped up:


"Spear Phishing
Now that you have an understanding of client-side attacks, let’s talk about how to get the attack to the user. The most common way into an organization’s network is through spear phishing. Cobalt Strike's spear phishing tool allows you to send pixel perfect spear phishing messages using an arbitrary message as a template."



Mar 14, 2022 6:54 AM in response to leroydouglas

I’m not certain there is a reliable means to spot a Cobalt Strike implant, save at the network level and that’s probably impractical here.


That written, I suspect this is phishing, solely because the sender didn’t offer proof of the implant in the mail.


And if the sender indicated they attacked iPhone and iPad, Cobalt Strike implants aren’t available for those—macOS, Windows, and Linux only.


I would change your Apple ID, as that might have n]been exposed, and if you unfortunately re-used that password could well have been exposed, and would enable two-factor authentication if that’s not already in use. Cobalt Strike sounds more impressive than password-reuse-got-caught-in-a-breach-somewhere, after all.

Cobalt Strike Phishing email

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.