Malware Disguises Itself As Amazon Early Black Friday App

Shoppers looking for an early Black Friday bargain has been warned against online services that appear too good to be true.

Security firm Zscaler says it has uncovered fake apps that appear to offer early access to Amazon’s ‘Black Friday’ and ‘Cyber Monday’ offers and deals, but in reality contain malware that can scam large number of people.

Shoppers who install the app could be at risk of having their personal information or payment details stolen, the company is warning.

Disguised

The fake app (pictured left) is labelled as a real “Amazon” app, with the authors of the malware cyber-squatting on a legitimate Amazon domain in order to fool customers.

Once installed, the malware disguises itself as a legit Amazon app, but when started up, loads another app named “com.android.engine”. This application then asks for administrative privileges and other risky permissions like sending SMS and dialling phone numbers, rooting itself on to the device and meaning it cannot be easily removed.

It will then begin displaying the error message: “Device not supported with App”, making the user think they should delete the fake Amazon app, but leaving the malware in place.

This then loads a code routine to collect victim’s browser history and bookmarks, as well as being able to able to harvest the call logs, received inbox messages and segregate it into sender’s numbers, SMS body, received incoming call number and contact names.

“Especially during this shopping season, consumers need to be aware of the applications they’re downloading and stay away from such fake apps,” Zscaler warns.

“Always install applications from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not be asking for access to your contacts or SMS. Keeping an eye on the permissions used by the app can save you from installing such fake apps.”

Take our data breaches of 2015 quiz here!