Gazon malware targets Android users with phony gift card offers

March 9, 2015 Arctic Wolf Networks

Enterprises are becoming more vigilant about spotting and defending against malware on their networks, but many companies don't take steps to protect all of their endpoints. Mobility initiatives and bring-your-own-device programs are growing in popularity among modern businesses, and along with their rise comes an increase in the amount of malware targeting mobile devices.

A recent report by IT security firm Adaptive​ Mobile is warning companies about the threat of the Gazon malware, which spreads across devices through malicious text messages purporting to be offers for free Amazon gift cards. The virus has already infected more than 4,000 Android phones in North America alone, making it the largest text-based mobile attack against the Android operating system ever.

The Gazon malware is a worm, capable of propagating itself on multiple channels. More than 200,000 unsolicited SMS messages have been sent through the malicious software so far. When a victim clicks the link provided, the device's contact list is recorded and more spam messages are sent, continuing the process. The links do not lead to the promised $200 Amazon gift cards, but instead to a page of advertisements that trigger a commission fee for the worm's author.

The SMS message sent out by the Gazon worm reads, "Hey [name], I am sending you $200 Amazon Gift Card You can Claim it here," and then offers victims a link.

Attack targeting mobile devices are becoming more common
Using SMS messages, while almost unheard of just a few years ago, is becoming an increasingly common tactic for cybercriminals. Last summer a Trojan known as Koler used SMS to trick users into downloading software that locked devices until a ransom was paid. Another worm, Samsapo, was found in May and convinced victims to download malicious software through convincing text messages. Researchers with Adaptive​ Mobile have been able to track the Gazon worm back to the account of a single Facebook user that was previously linked to a similar attack involving the messaging service WhatsApp at the beginning of 2015.

As a growing number of threats are being directed at mobile devices, organizations must start implementing defense measures aimed at protecting all enterprise endpoints. Unknowing employees may be enticed to click on a malicious link on a connected mobile device and put the company's entire network at risk. In order to protect against this, businesses should deploy network monitoring and threat detection services. Continuous monitoring of enterprise networks allows companies to identify signs of an intrusion, meaning any attackers who gain entry through employee devices will be spotted right away.

Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.

Previous Article
Illinois Attorney General calls for better data breach notification law

Illinois Attorney General Lisa Madigan wants to strengthen the state's legal requirements for reporting sec...

Next Article
Credit card data stolen from Mandarin Oriental Hotel

On March 4, luxury chain Mandarin Oriental Hotel Group confirmed unauthorized access of credit card data at...


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!