Data443 & Cyren
Products
- - - Products
    - For OEMs
    - Malware Detection
    - Malware Analysis
    - URL Categorization
    - Email Security
    - Threat Intelligence
    - For Enterprises
    - Malware Analysis
    - Inbox Security for Office 365
    - Threat Intelligence
  - - In the News
      
      Online Businesses Become a Phisher’s Playground
      Not nearly enough businesses have deployed sufficient security measures against phishing attacks through website builders and CMS platforms.Read Article on DarkReading >
      
      Go to Newsroom >
Solutions
- - - Expert Support
      
      Cyren’s dedicated security analysts have the expertise to deeply investigate sophisticated threats – their embedded documents and messy code.
      
      And from their vantage point across companies, geographies, and industries, analysts can track emerging attack vectors and prevent breaches.
      
      “For any false positive or user reported items, we do not need to be involved. Cyren’s dedicated team is on top of all these items.”
      
      via Gartner Peer Insights
Resources
- - - Recent Posts
      - Analyzing behavior to protect against BEC attacks December 22, 2022
      - Using NLP techniques to protect against BEC attacks December 8, 2022
      - Phishing with QR codes December 1, 2022
Company
- - - Company
    - About Cyren
    - Careers
    - Management
    - In the News
    - Contact Us
  - - In the News
      
      Online Businesses Become a Phisher’s Playground
      Not nearly enough businesses have deployed sufficient security measures against phishing attacks through website builders and CMS platforms.Read Article on DarkReading >
      
      Go to Newsroom >
BOOK A DEMO

Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Gazon SMS Trojan targets Android users by promising Amazon gift cards

Gazon is a malware targeting Android phones that sends multiple SMS text messages to every contact in the victim’s phone book. After opening the malware on the Android device the victim is told that he has won an Amazon gift card for $200. To redeem the gift card the victim is asked to take a quick survey. By clicking the survey button the malware author gets money from advertisement in the application while in the background the malware sends an SMS text message to every contact in the victim’s phone book with the message:

How it spreads and installs

The malware spreads via SMS text message from infected users as soon as the victim opens the malware (application). It has also spread via social media like Facebook and Twitter. The link where the malware was stored has now been disabled.

After the .apk has been downloaded the user will have to open “Settings – Security” and mark the “Unknown Sources” check box. After that he is able to install the application. The malware has no automatic startup technique.

Payload

After installing the malware on the device, an Amazon Reward icon appears in the Application window. When the Amazon Reward application is opened a big Amazon logo appears for a few seconds and the user is taken to a screen where he is told he can get a “Free $200 Amazon gift card” by taking a Survey.

By clicking “Take the Survey!” button the victim is asked to complete one of the tasks/offers bellow and by clicking that button is taken to a new page where he is told he has been selected for a “FREE APP!” The free applications are legitimate applications from the Google Play Store. The malware author receives money from the ad clicks.

getContacts() Here the malware goes through the victims contact list and creates an SMS text message including the contacts name to make it more believable.

sendSMS()

The URL that displays the Amazon Reward scam.

This is the screen that is displayed after the victim has clicked the “Take the Survey!” button.

And here is where the malware author makes money. By clicking on one of the free games the malware author earns a few cents for each click.

List of permission the application uses:

android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE

This SMS/Trojan is detected by CYREN as AndroidOS/Gazon.A.gen!Eldorado.

Read more about CYREN‘s Mobile Security for Android if you are thinking about adding mobile security to your product offering.

Mar 9, 2015 | Security Research & Analysis

Categories

You might also like

Analyzing behavior to protect against BEC attacks

Business Email Compromise

Understanding “normal” behaviors in email exchanges are key to combating advanced phishing and BEC attacks by John Stevenson Detecting Business Email Compromise (BEC) In the final part of our series of blogs on Business Email Compromise (BEC), it’s time to look at how...

Using NLP techniques to protect against BEC attacks

Business Email Compromise, Office 365, Phishing

How Natural Language Programming help combat phishing and BEC attacks by John Stevenson Business Email Compromise (BEC) Business Email Compromise (BEC) covers a range of email attacks that typically share a common core attribute. There is no obvious executable...

Phishing with QR codes

Phishing, Security Research & Analysis

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...