Categories: CyberCrimeSecurity

Malware Disguises Itself As Amazon Early Black Friday App

Shoppers looking for an early Black Friday bargain has been warned against online services that appear too good to be true.

Security firm Zscaler says it has uncovered fake apps that appear to offer early access to Amazon’s ‘Black Friday’ and ‘Cyber Monday’ offers and deals, but in reality contain malware that can scam large number of people.

Shoppers who install the app could be at risk of having their personal information or payment details stolen, the company is warning.

Disguised

The fake app (pictured left) is labelled as a real “Amazon” app, with the authors of the malware cyber-squatting on a legitimate Amazon domain in order to fool customers.

Once installed, the malware disguises itself as a legit Amazon app, but when started up, loads another app named “com.android.engine”. This application then asks for administrative privileges and other risky permissions like sending SMS and dialling phone numbers, rooting itself on to the device and meaning it cannot be easily removed.

It will then begin displaying the error message: “Device not supported with App”, making the user think they should delete the fake Amazon app, but leaving the malware in place.

This then loads a code routine to collect victim’s browser history and bookmarks, as well as being able to able to harvest the call logs, received inbox messages and segregate it into sender’s numbers, SMS body, received incoming call number and contact names.

“Especially during this shopping season, consumers need to be aware of the applications they’re downloading and stay away from such fake apps,” Zscaler warns.

“Always install applications from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not be asking for access to your contacts or SMS. Keeping an eye on the permissions used by the app can save you from installing such fake apps.”

Take our data breaches of 2015 quiz here!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago