Fake Black Friday Apps Set to Cause Consumer Chaos

Written by

Security experts have discovered over 32,000 malicious 'Black Friday' themed apps spoofing the branding of the top five US online retailers in an attempt to harvest lucrative customer data and spread malware.

RiskIQ technology analyzed two billion daily HTTP requests, 20 million mobile apps and 300 million domain records to compile its Black Friday E-commerce Blacklist report.

It revealed that one in 25 Black Friday apps are fake, with at least 15 malicious Black Friday apps for each of the top five American e-commerce brands. The brands were anonymized in the report but a spokesperson confirmed to Infosecurity that they have a global reach.

With UK consumers alone set to spend £10bn this year during the Black Friday period next week, it’s no surprise that cyber-criminals have jumped on the busy time to drive revenue of their own.

The apps are said to trick shoppers into entering credit card information or Facebook and Gmail log-in details, or even to download information-stealing malware and ransomware.

RiskIQ claimed the malicious applications can even be found on official marketplaces such as Google Play and the Apple App Store.

The top-five e-commerce brands studied in the report have had more than 1450 Black Friday-related URLs blacklisted because they are linked to spam, malware, or phishing campaigns, according to RiskIQ.

The news comes in the same week experts warned retailers to be prepared for a spike in attempts to hide fraudulent transactions during the busy shopping period.

ThreatMetrix claimed there would be at least 50 million fraud attempts next week, with scammers looking to use identity data harvested from the steady stream of recent major breaches.

Domain Tools has also been warning UK consumers about potential scams ahead, with a third (29%) planning to shop during the Cyber Monday sales bonanza following Black Friday.

In a recent survey it revealed that one in five UK consumers had been caught out by an online scam.

Among the brands it claimed were most likely to be spoofed are Amazon (87%), Argos (46%) and Tesco (35%).

What’s hot on Infosecurity Magazine?