Categories: CyberCrimeSecurity

Malware Disguises Itself As Amazon Early Black Friday App

Shoppers looking for an early Black Friday bargain has been warned against online services that appear too good to be true.

Security firm Zscaler says it has uncovered fake apps that appear to offer early access to Amazon’s ‘Black Friday’ and ‘Cyber Monday’ offers and deals, but in reality contain malware that can scam large number of people.

Shoppers who install the app could be at risk of having their personal information or payment details stolen, the company is warning.

Disguised

The fake app (pictured left) is labelled as a real “Amazon” app, with the authors of the malware cyber-squatting on a legitimate Amazon domain in order to fool customers.

Once installed, the malware disguises itself as a legit Amazon app, but when started up, loads another app named “com.android.engine”. This application then asks for administrative privileges and other risky permissions like sending SMS and dialling phone numbers, rooting itself on to the device and meaning it cannot be easily removed.

It will then begin displaying the error message: “Device not supported with App”, making the user think they should delete the fake Amazon app, but leaving the malware in place.

This then loads a code routine to collect victim’s browser history and bookmarks, as well as being able to able to harvest the call logs, received inbox messages and segregate it into sender’s numbers, SMS body, received incoming call number and contact names.

“Especially during this shopping season, consumers need to be aware of the applications they’re downloading and stay away from such fake apps,” Zscaler warns.

“Always install applications from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not be asking for access to your contacts or SMS. Keeping an eye on the permissions used by the app can save you from installing such fake apps.”

Take our data breaches of 2015 quiz here!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago