IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Sophos sounds alarm over Apple iTunes malware scam

Security vendors warns PC users to be on their guard against unsolicited emails as the festive season approaches.

Music cloud

PC users are being duped by a new type of malware that uses a fake Apple iTunes credit card charge to steal money from their bank accounts.

Security vendor Sophos is warning people to be on their guard against the scam, which typically starts with computer users receiving a malicious email informing them of a $699.99 Apple iTunes credit card charge.

"At first glance, recipients may find the malicious emails quite realistic as they use Apple's logos and formatting to appear like a genuine emailed receipt from the company," said Sophos in a statement.

Users' computers can be infected by malware that logs keystrokes and compromise bank accounts.

When users click on one of the links contained in the email, they are taken to a web page purporting to belong to the IRS, which houses a Blackhole malware kit.

This is typically used to exploit vulnerabilities in Java, Adobe Reader and Adobe Flash Player, Sophos warns, which can lead to systems getting infected by a Zeus/Zbot Trojan.

However, if none of the exploits work, users are instructed to download a more recent version of their web browser, which contains a copy of the Zeus banking Trojan.

"The end result is that users' Windows computers are infected by malware that can log keystrokes and compromise bank accounts," said Sophos.

Graham Cluley, senior technology consultant at Sophos, said users should always treat links in unsolicited emails with caution.

"Instead, users should go to the website of the company in question, or call the number on the back of your card or billing statement to find out the truth," he advised.

"This is especially important at this time of year, as we typically see increased criminal activity during the Christmas season," he added.

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Recommended

The IT Pro Products of the Year 2021: The year’s best hardware and software
Hardware

The IT Pro Products of the Year 2021: The year’s best hardware and software

31 Dec 2021
Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022