A malware attack targeting Android devices has begun spreading worldwide, offering fake Amazon gift certificates in an effort to weasel its way onto victims’ phones and tablets.
Named “Gazon,” the attack sends messages with fake Amazon vouchers supposedly worth $200. It is “on the way to become one of the ‘spammiest’ mobile malware outbreaks seen yet,” according to security firm Adaptive Mobile, which discovered the attack.
If opened on an Android device, Gazon attempts to load malware which will send the same message to the device owner’s phone contact list, further spreading itself.
According to Adaptive Mobile, the malware has been accessed more than 16,000 times in 30 countries since it began spreading at the end of February. Nearly 99% of the attack has been spread via SMS text messages, but it has also been shared via other channels, including Facebook and email.
Adaptive said it has discovered the malware on more than 4,000 phones in North America and has blocked roughly 200,000 messages sent from those phones.
If victims click on a link in the spam message, it sends them to a Web page that asks them to download what is supposedly an Amazon rewards app.
Other fake apps on the page are actually links to sites that earn the sender money each time you click.
The text of the message Adaptive Mobile discovered reads: “Hey [name], I am sending you $200 Amazon Gift Card You can Claim it here,” with the link.
The malware can be removed using standard Android app uninstall tools.
Image via iStock.