A security firm has identified a new type of malware that spams a mobile device’s contact list with SMS text messages touting fake Amazon gift card offers. According to an article posted on its blog, AdaptiveMobile states that the malware, dubbed ‘Gazon,’ is quickly becoming “one of the ‘spammiest’ mobile malware outbreaks seen yet.” Gazon employs a shortened link that advertises free Amazon gift cards. When users click on the link, they are redirected to a webpage that asks them to participate in a survey.
The survey, in turn, leads to a number of other scam pages or requests that users download a game from Google Play. Each click earns money for the malware’s authors, a tactic which has been seen in other types of malware, including the Koler ‘Police’ ransomware app. While users are clicking through the scam pages, the malware collects all of a mobile device’s contacts and sends them a URL that links to the body of the worm.
The attack originated in the United States on February 25th. Since then, AdaptiveMobile has identified at least 16,000 unique infections in more than 30 countries including Canada, the UK, France, India, Korea, and the Philippines. The security firm has blocked another 200,000 infection attempts so far. Gazon spreads predominantly via SMS text message. However, the malware has also been known to use Facebook and email in less than 1% of infections. In the time following the attack, AdaptiveMobile has traced back the shortened URL and determined that the campaign is linked to a Facebook account that was originally responsible for a WhatsApp spam campaign. Both the account and the campaign’s URL have now been disabled. It is recommended that mobile users take care when clicking on suspicious links in SMS text messages to avoid infection from Gazon and other types of mobile malware.
