Friday, March 29, 2019
Home / Malware / False iTunes Receipts trick users to Blackhole script

False iTunes Receipts trick users to Blackhole script

The email looks legitimate at first sight. It is decently written and altogether the design elements are in the proper place.

However, the scammers are most likely relying on the fact that recipients will rush to click on the links once they see that a “postcard” worth $699.99 (545 EUR) has been purchased with their credit card.  Attackers hoping unsuspecting user will be more worried about their credit card information has been stolen, rather then the e-mail itself.

GFI Labs experts have investigated these fake iTunes receipts and have found 2 different malicious domains that host the BlackHole exploit kit. Both of them appear to be active.

Users are advised to be careful when receiving such emails, even if they legitimately appear to originate from Apple as the e-mail address are spoofed.  Remember to always right click and copy link address!

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Exploit Kit activity on a steep decline since April

As malware writers are moving to Neutrino and RIG exploit kits (EK) for dispersal needs, security experts …