McAfee Labs recently published its Hacking the Human OS report, which details a number of ways in which cybercriminals rely on victims’ trust in a particular brand or public authority to hand over information or allow their systems to become infected with malicious code. This week, the McAfee Labs team uncovered a new scam leveraging user trust in the Amazon brand.
Amazon is one of the biggest online shopping markets. Recently, McAfee Labs team found new Android malware spreading via SMS (short message service) mascarading as an Amazon Rewards application. The SMS appears to come from your trusted contacts such as your family or friends who already have infected devices. Have you received an SMS (as below) offering an Amazon Gift Card from your family or friends by any chance?
The SMS uses a shortened URL and leads users to a malicious website to download malware with the filename AmazonRewards.apk. Then the website attempts to make users rush to download the application by reducing the remaining number of Free Gift Cards—a sneaky tactic!
After installation, “Amazon Rewards” is registered on the Menu.
The malware shows a survey website after it runs. It’s a good guess that the user can get an Amazon Gift Card by answering the survey, but that’s not the case. The survey and application offered by the malware are the legitimate advertisement and legitimate applications from the Google Play store. The malware author will get “reward” money from you when you answer the survey or install the application.
In addition, the malware sends SMS messages like the one above to all listed contacts, including your family and friends. As a result, the malware can spread widely and rapidly, and the malware author will get more money with each infection.
This SMS spreading method via contacts on infected devices will make this threat widespread in the mobile world, as we have already seen in China. So please do not install applications from untrusted sources, especially if they arrive in the form of an unexpected SMS message. Think before you click: If it’s too good to be true, it usually is! Your awareness will help slow the spread of such malware.
McAfee Mobile Security detects this Android threat as Android/Gazon and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com.
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
