Fake Amazon vouchers littering malware onto Android devices via SMS

3 Mar 2015

AdaptiveMobile has uncovered what it calls one of the “single largest messaging-initiated mobile malware outbreaks.” It’s pretty bad, and it’s called Gazon.

Now a week old, Gazon uses the contacts in your phone to send them fake messages linking to offers of dodgy Amazon coupons which, when opened, install the malware on the user’s device.

AdaptiveMobile claims it originated in the US, and has so far spread as far as Europe, Asia and Australia.

Indeed, 16,000 click-throughs have been generated from the attack, with SMS the (surprisingly) dominant mode of transport for the malware.

When users follow the instructions from the fake Amazon message, it brings them to subsequent scam pages, requesting that a survey be filled out.

Survey prompts from Gazon seem to catch people out. Via AdaptiveMobile

Each option clicked brings people to more scam pages, where they are asked to download a game from Google Play.

“While you are busy clicking through pages the author just earns money through your clicks as we have seen in other pieces of mobile malware,” reads AdaptiveMobile’s report.

“However, in the background this malware harvests all your contacts and sends a spam message to each of them with the URL pointing to the body of the worm.”

All the options are dodgy, with game downloads and competitions all feeding money to the author. Via AdaptiveMobile

By using users’ own contacts to mask the sent SMS, Gazon adds an air of perceived accountability to the travelling malware, with its fast-paced spread a worry.

“The speed with which this was able to spread round the globe shows how attackers are using mobile messaging as one of the most effective methods of distributing malware and achieving rapid global reach,” said AdaptiveMobile’s Simeon Coney – over 200,000 instances have been blocked by AdaptiveMobile so far.

Malware image, via Shutterstock

Gordon Hunt was a journalist with Silicon Republic