NewswireToday - /newswire/ -
Tres Cantos, Madrid, Spain, 2010/10/05 - Apple’s popular service, with millions of users transmitting bank details on the platform every day, has become a target for hackers looking for confidential bank data.
- The email is a fake iTunes receipt corresponding to a purchase the user hasn’t made. Users that click the link in the message will be asked to download a fake pdf reader.
- If they accept, they will be redirected to Web pages that download other malware, including banker Trojans.
Apple’s popular iTunes platform has become the target of hackers looking to reach millions of potential victims -who every day enter their credit card details in this device- in order to steal this data and infect them, according to PandaLabs, Panda Security’s anti-malware laboratory.
Users receive a cleverly crafted email informing them that they have made an expensive purchase using their iTunes device. The user, who has not made this purchase using the platform, is concerned by the email and rapidly tries to resolve the problem by clicking on a link in the email.
However, after clicking the link the user is asked to download a PDF reader, which is fake. Once installed, this program redirects the user to infected Web pages (mostly Russian) containing banker Trojans among other malware which steal the user's personal details.
“Phishing is nothing new”, says Luis Corrons, Technical Director of PandaLabs, “what never ceases to surprise us is that the techniques used to trick victims continue to be so simple, although the design and content is often very well worked. It's often difficult not to fall in the trap. That's why it's absolutely crucial that when you use platforms such as iTunes, and you receive these types of notifications, never go to the website through the email, but rather from the platform itself. You can check your account status in real time from the account itself. And in this case you would therefore realize it is an attempt at phishing”.
This technique has been reported to the Anti-Phishing Working Group, who has started to block some of the Web addresses linked to in the fake email.
We advise all users to be wary of any emails of this type, now matter how genuine they might seem. If you think you may have been affected, we advise you scan your computer thoroughly to locate any possible active threats. If you do not have an antivirus installed, you can use the free Panda Cloud.
More information is available in the PandaLabs Blog.
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs (pandasecurity.com) has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.
Currently, 99,4% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.