Sophos sounds alarm over Apple iTunes malware scam

Security vendors warns PC users to be on their guard against unsolicited emails as the festive season approaches.

Music cloud

PC users are being duped by a new type of malware that uses a fake Apple iTunes credit card charge to steal money from their bank accounts.

Security vendor Sophos is warning people to be on their guard against the scam, which typically starts with computer users receiving a malicious email informing them of a $699.99 Apple iTunes credit card charge.

"At first glance, recipients may find the malicious emails quite realistic as they use Apple's logos and formatting to appear like a genuine emailed receipt from the company," said Sophos in a statement.

Users' computers can be infected by malware that logs keystrokes and compromise bank accounts.

When users click on one of the links contained in the email, they are taken to a web page purporting to belong to the IRS, which houses a Blackhole malware kit.

This is typically used to exploit vulnerabilities in Java, Adobe Reader and Adobe Flash Player, Sophos warns, which can lead to systems getting infected by a Zeus/Zbot Trojan.

However, if none of the exploits work, users are instructed to download a more recent version of their web browser, which contains a copy of the Zeus banking Trojan.

"The end result is that users' Windows computers are infected by malware that can log keystrokes and compromise bank accounts," said Sophos.

Graham Cluley, senior technology consultant at Sophos, said users should always treat links in unsolicited emails with caution.

"Instead, users should go to the website of the company in question, or call the number on the back of your card or billing statement to find out the truth," he advised.

"This is especially important at this time of year, as we typically see increased criminal activity during the Christmas season," he added.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021