Promises of freebies and other enticing promos are just a few of the tricks cybercriminals use to lure users to their profiteering schemes. TrendLabsSM engineers recently discovered suspicious-looking emails pretending to come from the iTunes Store. The spoofed email tells users they won a gift certificate worth US$50 and encourages recipients to check out the certificate code in the .ZIP file attachment. Opening the attachment, however, did not contain a supposed code but instead malware detected as TROJ_SASFIS.HN.
If executed, TROJ_SASFIS.HN drops the pgsb.lto (aka TROJ_DLOADR.SMVE) onto the system. This Trojan connects to websites to obtain instructions, which may include another URL wherein an updated copy of itself or another malware can be downloaded.
Unfortunately, this is not the first time the iTunes Store has been used in malicious schemes, as evidenced by the following previous entries:
- Spammers Spoof the Apple Store
- iPad Giveaway Gives Users’ Identities Away
- Yet Another Phish but from Apple Store
Users should refrain from opening dubious email messages and be wary of opening their attachments. Trend Micro™ Smart Protection Network™ protects users from this kind of attack by blocking spam before they even reach their inboxes via the email reputation service. File reputation service, on the other hand, prevents the download of TROJ_SASFIS.HN and TROJ_DLOADR.SMVE onto affected systems.