iTunes Malware Kicks Off Christmas Scam Season

Scammers are taking advantage of the Christmas shopping season with a flood of malware-bearing emails disguised as iTunes gift certificates, according to security experts.

The email arrives on the eve of Thanksgiving in the United States, which customarily kicks off the Christmas gift-shopping season in that country and elsewhere.

Disguise

It appears to come from a legitimate email address – official@itunes.apple.com – and contains an attachment called Gift_Certificate_iT9581.zip that pretends to offer $50 (£32) of credit at the iTunes Store, according to German security firm Eleven Security. When the file is launched it deploys an malicious executable file, Eleven said.

The malware, which Sophos has identified as Mal/BredoZp-B, creates a backdoor into a user’s system that can be used to download more malicious code, according to security vendors.

The message contains plain text only, with no graphic elements, Eleven said. The company said about half of the emails it detected originated from US IP addresses, with another 10 percent from the UK.

“As the holidays ramp up, so do scams like this,” wrote Sophos blogger Lisa Vaas. “It’s understandable that cash-strapped holiday shoppers might be click-happy enough to try to lighten their holiday with $50 worth of free music, video and games.”

Mal/BredoZp-B has been used in several other spam campaigns, including fake notifications from the US’ Federal Deposit Insurance Corporation in August.

Fraud shutdown

Earlier this month the Metropolitan Police’s Central e-Crime Unit (PCeU) said it had shut down more than 2,000 fraudulent e-commerce websites ahead of the Christmas shopping season, the latest move in the unit’s long-running battle against counterfeiting and fraud.

The PCeU worked with registrar Nominet to identify and shut down the site, but said no arrests were made. The police and Nominet would not name the sites which were taken down – but hinted that a future change might bring in “name and shame” publication of the culprits, as a result of the Nominet’s current review of criminal takedown rules.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago