PandaLabs, yesterday issued a warning that the company has discovered fake iTunes receipts that was sent to users in an attempt to steal personal identifiable information. Interestingly, according to the company, the attack vector is via Flash, a technology Apple refuses to use for its alleged security weaknesses.
According to Pandalabs, users will be sent a “receipt” from iTunes that looks authentic. The bill’s total will be indicated incorrectly, in a way that will provoke users to take actions. The attack begins when the user clicks on a link to “report a problem”.
After clicking the link, the victim will be requested to download a fake PDF reader. Once the installation is completed, the user will be redirected to a website containing the Zeus Trojan. This will, in turn, affect the computer of the user.
Pandalabs urged users to be careful of emails that could assist of hyperlinks to websites consisting of malware. Users should also be careful when downloading any software when required to do so by unknown e-mails.
Source : techweek.org
No comments:
Post a Comment