There is a new piece of malware called “Gazon”, and according to “adaptivemobile” already 4000 android users are infected.
“Gazon” was discovered on 25 of February and until yesterday no major vendor was detecting it.
The good news is that some of these vendors are now detecting Gazon, which means that most probably will prevent the continuation of the spreading.
“Gazon spreads via SMS with a shortened link to itself in the spam message, redirecting a potential victim to a webpage that promises an Amazon gift card if you install an APK file hosted on the page” states the post from Adaptivemobile.
The delivered message uses the base model:
Hey [NAME], I am sending you $200 Amazon Gift Card You can Claim it here : https://bit.ly/getAmazon[CENSORED]
Normally all this starts with a received SMS from a person (that normally have your contact). The SMS contains a link that leads you thinking that you are accessing an application that provides you with amazon rewards but what is actual doing is redirecting you to a page where it will be asking you to participate in a survey.
The smart thing about this malware, that in my opinion made it pass under the radar for some time until now is that it will not try to steal your credit card information, or your paypal, etc etc, what in fact will be doing is if you finish the first survey it will ask you or to download a game or to do another survey and by that you will keep clicking pages, and the author of the malware is earning money per click.
The tricky part of this malware (or wouldn’t be called malware), it’s his spreading vector, and by that I mean that the malware steals your contacts and sends a spam message for every single contact, being that message the same one that the infected user first received.
One curious thing discovered by our colleagues in Adaptivemobile, is that a piece of the malware code points to a Facebook account of a real person, a person that was already involved in WhatsApp spam.
I strongly believe that people need to have double care, nowadays when using their mobile phone, if possible always check and re-recheck whatever app you are thinking in downloading, and if you receive something odd (even from a friend) don’t risk it.
About the Author Elsio Pinto
Published by Pierluigi Paganini
(Security Affairs – Gazon Android malware, mobile)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.