Family members recently reported to me that they got a popup message on their iPhones and Macs asking them to re-enter their Apple ID password for the account associated with iCloud. I’ve seen with my own eyes and I have no idea how widespread this is, but it was peculiar to see it so close to home (literally).
Fortunately, I have spread skepticism about entering one’s password into a random popup and both my wife and father asked me if these requests were legitimate. These may say “Apple ID Verification,” and they appear over the Home screen in iOS/iPadOS, and as a system popup window in macOS.
You can imagine that malware that could create something similar would be an effective—if short lived–way to phish for people’s passwords. In fact, a researcher managed to find a bug in 2015 (quickly patched) that allowed a specially crafted email message to display a very suspiciously accurate dialog.