Fake iTunes Bill Delivers Bank-Draining Trojan

Dennis Faas's picture

Hackers have developed a new and clever scam that targets legitimate Apple iTunes subscribers, then drains their bank account.

Fake Bill Traps Customers into Clicking Malware Link

Victims of the scam receive fake "iTunes receipt" that appear completely authentic, with none of the spelling errors or image source code issues that have become synonymous with spam and malware messages.

The only real problem with the would-be receipt is that the total for the bill was said to be completely outrageous. And that's part of the trap.

Clicking "Report a Problem" Is a Big Mistake

Researchers say that the fake and outrageously high bill is enough to raise the ire of legitimate iTunes subscribers. The reason for this is that most people are likely to take action when seeing an "incorrect amount" appear on their bill.

Since the next step for most people in this situation would be to click the "report a problem" tab, this is where hackers have decided to plant the Trojan.

Fake Adobe PDF Reader Delivers Payload

The attack vector uses Adobe Flash, which is a technology that Apple refuses to use for its alleged security weaknesses. Panda Labs released a statement explaining the infection process:

"After clicking the link, the victim is asked to download a fake PDF reader. Once installation is complete, the user is redirected to an infected web page containing the Zeus Trojan, which is specifically designed to steal personal data." (Source: yahoo.com)

Phishing Schemes Increasingly Popular

Phishing has become a major problem for security companies in recent weeks, with users of the popular social network LinkedIn being the targets of a similar attack these past few weeks. (Source: scmagazineus.com)

According to Luis Corrons, technical director of Panda Labs, the variation in the methods of attack is what has been keeping security companies on edge.

"Phishing is nothing new. What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, but the design and content is so very well-orchestrated. It's very easy to fall into the trap."

While some of the addresses that the malware uses is blocked by the Anti-Phishing Working Group, uncovering and restricting all addresses is an uphill battle that seems more and more improbable with each passing day.

| Tags:
Rate this article: 
No votes yet