Malware authors most likely based in Eastern Europe have devised a new phishing campaign designed to steal the login and password information from iTunes customers.
According to security software maker AppRiver, the new scam discovered this week starts with an unsolicited email with the subject, "Your receipt #" followed by a random number. The sender's address claims to be "iTunes Store" and spoofs the address donotreply@itunes[dot]com.
Within the email is a bogus iTunes receipt complete with formatting and syntax that makes it pretty clear that it's not from Apple's popular online music store, including the alleged "unit price" and "order total." In the example provided on the AppRiver security blog, the math didn't add up and the charges for the bogus purchases were several hundred dollars, a figure that would likely raise suspicion among even the most naïve Internet users.
The problem, however, is that when users click on any of the links contained within the email, they're redirected to one of 100 or more domains ending in .info where the malicious Zeus Trojan malware is then installed on their PCs or mobile devices.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"This time the final shows an Adobe Flash Required banner and attempts to automatically start the download of a file named 'flash_player-07.78.exe,' which is instead the malicious payload," AppRiver security analyst Fred Touchette wrote in the blog post.
This isn't the first time hackers have targeted Apple's (NASDAQ: AAPL) online music store.
In July, the company pushed out an update to version 9.2.1 to fix a buffer overflow security vulnerability.
Just one week after unveiling its new social network for iTunes, Ping, the site became a haven for malware, spam and phishing campaigns that led Apple's security team to quickly tighten up its comments section and eliminate some glaring security holes.
AppRiver officials said they were somewhat surprised that those responsible for this new iTunes phishing campaign were using the Zeus Trojan as the malware tool to steal users' data and passwords, considering that just last week the FBI busted a cybercrime ring in Eastern Europe responsible for stealing more than $3 million from U.S. bank customers.
"These [new malware scams] prove the scope of these Zeus infections and the tenacity of these cyber gangs even in the face of the arrests of hundreds of people in connection with these Zeus infections, specifically," Touchette wrote in the blog post.
Follow eSecurityPlanet on Twitter @eSecurityP.