iTunes Used as Lure to Steal Banking Details

  • Apple’s popular service has become a target for hackers looking for confidential bank data
  • The email is a fake iTunes receipt corresponding to a purchase the user hasn’t made.

According to Panda Security, Apple’s popular iTunes platform has become the target of hackers looking to reach millions of potential victims -who every day enter their credit card details in this device- in order to steal this data and infect them.

Victims of this malware attack receive a cleverly crafted email informing them that they have made an expensive purchase using their iTunes device. The user, who has not made this purchase using the platform, is concerned by the email and rapidly tries to resolve the problem by clicking on a link in the email.

After clicking the link the user is asked to download a PDF reader, which is a fake. Once installed, this program redirects the user to infected Web pages (mostly Russian) containing banker Trojans among other malware which steal the user’s personal details. 

“Phishing is nothing new”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, although the design and content is often very well worked. It’s often difficult not to fall in the trap.”

Panda suggests that in order to avoid becoming a victim of this new attack, users should not enter platforms such as iTunes through email notifications. Rather, enter the website from the platform itself. This way, users can also check their account status in real time from the account itself, and thus recognize an attempt at phishing.

This technique has been reported to the Anti-Phishing Working Group, who has started to block some of the Web addresses linked to in the fake email. 

“We advise all users to be wary of any emails of this type, now matter how genuine they might seem”, concludes Matthews.

If you think you may have been affected, Panda advises you scan your computer thoroughly to locate any possible active threats. If you do not have an antivirus installed, you can use the free Panda Cloud Antivirus, available from

For more information about Panda, visit

Follow Panda Security South Africa @PandaSecurityZA

Join our Facebook Group

Related Posts

No Comments

Comments Closed