Mobile Users Offered $200 Amazon Gift Card Through Gazon Malware Text Message Scam
Just like a professional deep sea fisherman, hackers are luring their next big catch with enticing bait in the form of an alleged $200 Amazon gift card that passes off a piece of malware designed to trick mobile users into accessing dangerous websites or links.
It is just about every day that hackers are conjuring up a new scheme to entice computer users and mobile device users with something that seems like a freebie. This time, it is the use of a $200 gift card offer that supposedly grants you access to purchase up to $200 worth of products on Amazon.
The gift card scheme that is currently circulating is one that eventually leads mobile device users to a questionable page that offers a $200 Amazon gift card or voucher. Use of the link plastered on a mobile device user's screen is one that causes a redirect to render a survey to access to offer. Additionally, the scheme may ask users to download apps from the Google Play store, which may be linked with the hackers who have initiated this scam.
How does this scam start and what does it look like?
Victims of the bogus Amazon voucher scam are first presented with a text message that appears to be from someone they know. The text message claims that they have the possibility of getting a free Amazon gift card by installing a certain app through a link that is provided in the message. Use of the link will cause the mobile device to load up a survey prompt, possibly based off of a malicious website that is loaded in the background of the mobile device. From there, completion of the survey may then initiate the Google Play store to download another application that is malware. In looking at the initial link from the text message, it uses a shortened URL through the bit.ly service in an effort to "hide" the site that it will eventually load. Once the malware is installed, it will then propagate by sending text messages to other users on the infected mobile device's contacts list.
The malware has been identified and named "Gazon" from security researchers at Adaptive Mobile. Known as a malware that collects contacts on a mobile device and then spams those contacts through text message, Gazon is ensured a gateway to spreading to thousands of other devices. So far, over 4,000 devices have been identified as infected on all major mobile networks in North America. However, upwards of 200,000 spam messages have been generated from those infected devices and blocked by Adaptive Mobile thus far.
By using a shortened URL services like bit.ly, researchers are not able to get the specific statistics on all of the related infections of this scheme. Currently, there are no known antivirus solutions that detected the Gazon malware infection on mobile devices. What researchers are relying on is the possibility of a Facebook user's profile who may have conducted another scam that took advantage of the WhatsApp messenger's name to lure victims.
Adaptive Mobile has confirmed that propagation of the malware has stopped as the related URL and account have been disabled. Though, it is not to say that an alternative may be used by hackers to restart this enticing scam and once again start infecting thousands of mobile devices.
It is prudent to be mindful and cautious of text message links that are received on your mobile device even if they appear to be from someone you know. It may be better to forfeit the $200 Amazon gift card for the safety of your device and stored contacts.