Fake iTunes Receipt Leads To Malware

Sometimes technology can become a threat to your safety and well-being. Certain popular websites or services can easily be used by hackers to gather personal and valuable information. This kind of scenario took place multiple times up to this date and as technology evolves the abilities and expertise of hackers will as well. PandaLabs has recently announced that it has discovered fake  iTunes receipts which started being sent to users in an attempt to gather and steal personal data

According to PCMag, the attack vector is via Flash, a technology that the  Cupertino-company was reluctant to use for a long period of time, because of its alleged security weaknesses. A while back, Apple’s CEO  Steve Jobs made an official announcement on the company’s website regarding Apple’s products which according to him wouldn’t include support for Flash from Adobe because the technology is believed to be closed, unstable and antiquated. Adobe didn’t seem to be bothered by this and responded that it’ll focus its whole attention on apps for Google’s Android mobile platform. The research division of antivirus company Panda Security, called PandaLabs discovered that users are sent an electronic receipt from iTunes which looks completely authentic.

This particular receipt proves extremely dangerous because there’s absolutely no spelling error or something wrong with the image’s source code that users could spot. What the user who receives the mail will discover, however, is the bill’s total. The first move the users will want to do, in that case, is report a problem. Which is why the “report a problem” link is the trigger to the attack. If you stop to think about it, this is one type of malware that was pretty well thought of and perfected.
“After clicking the link, the victim is asked to download a fake PDF reader,” PandaLabs said. “Once installation is complete, the user is redirected to an infected Web page containing the Zeus Trojan, which is specifically designed to steal personal data. This phishing attack was uncovered shortly after a similar phishing attack targeting LinkedIn users appeared last week, which appears to have originated in Russia.” PandaLabs has asked that users be careful of e-mails that could hide a link to a site which includes malware. PandaLabs’ technical director Luis Corrons explained that phishing is definitely not new but the people behind various attacks will always come up with new ideas. While the techniques used to trick people are still simple, the design and the content is “very well-orchestrated” and it’s quite easy to fall for such traps.
He then advised users of services such as iTunes to never go to websites via e-mail, but just access the services from the platform itself, where their accounts status can be verified. This is definitely not the first time when iTunes encounters issues with malware. On a previous occasion a high number of users were charged for purchasing certain applications they didn’t remember purchasing. Some people discovered they’d paid large amounts of money for products they’d never seen in their lives. They started complaining on Twitter, the news spread fast and  Apple finally came up with a fix for it.



Related Posts

No comments: