Security company stops 200,000 malicious messages

Mar 4, 2015 13:44 GMT  ·  By

A free $200 / €180 gift card for products on Amazon is an attractive offer and cybercriminals rely on it to pass a piece of malware designed to trick mobile users into accessing potentially dangerous web pages.

Victims receive a text message from someone they know, offering the possibility to get the free Amazon gift card by installing an app available at a provided link. The software piece purports to be specifically created for aggregating Amazon rewards.

4,000 infected devices detected in North America

Once running on the mobile device, the malware asks the victim to complete online surveys in order to access the offers, or to download applications from Google Play.

It does not really matter what the user chooses. The scammers fill their pockets with each tap on the screen, as they get paid for each survey and every installed app (affiliate marketing). Alternatively, the malware pushes offers to subscribe to premium-rate services.

Security researchers at Adaptive Mobile dubbed the malware Gazon because its background activity consists in collecting the contacts on the phone and spamming each of them with the luring message, thus ensuring its propagation.

It appears that more than 4,000 infected devices have been identified in all major mobile networks in North America, and Adaptive Mobile has blocked no less than 200,000 spam messages generated from these phones.

Scammer is not at first operation

Since the link to the malware is shortened through the bit.ly service, the security company was able to gather statistics about the total number of infections and observed that users in other countries were also affected.

On Monday, there was no antivirus engine available on VirusTotal that could detect Gazon, but things may have changed for the better in the meantime.

Adaptive Mobile says that the account for the shortened URLs was associated with the Facebook profile of a real individual, who conducted at least one other scam that took advantage of WhatsApp messenger’s name to lure the potential victims.

“The URL and the account have already been disabled and therefore further malware propagation is stopped,” the company said in a blog post on Monday.

Gazon mobile malware (5 Images)

Web page hosting Gazon malware for Android
Gazon mobile malware masquerades as Amazon Rewards appOnline survey scam delivered by Gazon mobile malware
+2more