Hordes of shoppers hunting for the best Black Friday deals, perhaps without paying full attention to online safety, make this a time of year when cyber criminals are also keen to cash in on moneymaking opportunities.
Internet security company Zscaler has uncovered a widespread malware campaign whose authors are scamming large numbers of people by creating fake Android apps offering early access to Amazon's Black Friday and Cyber Monday sales.
Once installed, the fake app masquerades as a legitimate Amazon app. When launched, it starts a child app that asks for admin privileges and other risky permissions, including sending SMS and dialing phone numbers. The child app registers itself as a service so it will stay on the device even if the original app is removed.
It has code for harvesting the user's personal data, including call logs and received inbox messages, collecting senders' numbers, SMS body text, incoming call numbers and contact names.
Zscaler warns users: "Always install applications from legitimate app stores and websites. Be aware of the permissions asked by the application during installation. Shopping apps should not be asking for access to your contacts or SMS."
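The permission check Zscaler recommends can also be automated. The following is an added example, not code from Zscaler or from the campaign: it audits an AndroidManifest.xml that is assumed to be already decoded to plain XML, and flags the SMS, dialing, call-log and contact permissions described above, any device admin receiver, and declared services. The sample manifest, package name and component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the behaviour described in the article
# (sending/reading SMS, dialing, call logs, contacts).
RISKY = {
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.READ_SMS": "can read the SMS inbox",
    "android.permission.RECEIVE_SMS": "can see incoming SMS",
    "android.permission.CALL_PHONE": "can dial numbers",
    "android.permission.READ_CALL_LOG": "can read call logs",
    "android.permission.READ_CONTACTS": "can read contacts",
}

def audit_manifest(xml_text):
    """Return sorted findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in RISKY:
            findings.append(f"permission {name}: {RISKY[name]}")
    app = root.find("application")
    if app is not None:
        # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask
        # the user for device administrator privileges.
        for rcv in app.iter("receiver"):
            if rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
                findings.append(f"device admin receiver {rcv.get(ANDROID + 'name')}")
        # Services are legitimate in many apps; listed here for review only.
        for svc in app.iter("service"):
            findings.append(f"background service {svc.get(ANDROID + 'name')}")
    return sorted(findings)

# Constructed sample manifest for a hypothetical shopping app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shopdeals">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)))
```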
More information on the attack is available on the Zscaler blog.