‘Black Friday’ iTunes credit scam
Criminals have been infecting computers with malware disguised as an iTunes gift
An email claiming to be from Apple’s iTunes store contains a compressed ZIP file, which security experts say could allow hackers to gain access to computers.
The German Eleven security blog suggests that the attack is timed to coincide with the start of the American holiday shopping season, called Black Friday.
The email offers credit for iTunes music, games and video, and is just one of a huge number of scams that try to lure people in with offers that seem plausible in the context of other Black Friday discounts.
The email apparently offers recipients $50 and claims they need to open an attached file to access their certificate code. In fact the attachment is a file called Mal/BredoZp-B. It opens a security loophole on Windows PCs and allows hackers to remotely capture passwords and other information. It also slows down the computer and hides some files.
Although such malware can be removed with the use of widely available anti-malware tools, damage can be done in the meantime.
The attack comes at a time of burgeoning cyber threats on a number of fronts. Security firm Sophos has warned that Facebook users have been subjected to fake emails claiming they have violated the site’s terms and asking for credit card details, while other vendors claim to have seen a rise in attacks aimed at Android mobile phones.