People with iPhones in the UK and Australia have reported their smartphones being hacked, and a ransom demanded in order to unlock them.
Users have taken to the official support forums on the Apple website to complain of the issue, with iPhone owners reporting that a message appears onscreen saying they have been hacked, and must pay between 50 and 100 Australian dollars (£55) in order to get their device unlocked.
According to analysts, the hacker, who identifies themselves as 'Oleg Pliss', is using the Find My iPhone app to send the messages and lock devices.
User veritylikestea wrote on the Apple forum: "I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me.
"I have no idea how this has happened. I am not aware of having been exposed to malware or anything else, although i did recently purchase some new apps - perhaps one of these has something to do with it?
I don't know. I am not sure what avenue has been used to reach my devices."
Last week, online marketplace eBay admitted that the database containing the log-in information of its users had been hacked, and advised all eBay account holders to reset their passwords. The company moved quickly to reassure users that no financial information had been breached.
Apple is yet to offer any official comment on the hack, but an Australian government website has told users to change the password of their Apple ID, used to log-in on Apple devices like the iPhone and iPad, in order secure their device.
The Find My iPhone app has a remote access feature that enables users to remotely lock and wipe their
device should it be stolen or lost. Experts believe it is this feature that has been exploited in order to carry out the hack.
David Emm, from the global research and analysis team at digital security firm Kaspersky Lab, said: "It seems likely that cybercriminals gained access to Apple ID credentials, for example by using phishing e-mails targeting Apple IDs.
"Such scams have been around for years. By using the credentials to access an Apple iCloud account, the attackers can enable the 'Find My iPhone' service - this is not only able to locate a lost or stolen device, but also to set a passcode preventing third parties from accessing the personal data stored on the smartphone.
"This is clearly a form of ransomware, previously only seen on PC and, recently, on Android devices - although in these cases malware was used to trigger this behaviour. This campaign is further proof that cybercriminals are adopting criminal business models developed for the PC, applying them to new areas and fine-tuning their methods."