Hackers are hard at work trying to dupe iPad owners to install a malware-loaded iTunes update on their Windows PCs.
The malware is pushed to Windows users via spam email.
This particular threat comes in the form of an unsolicited e-mail, promising to keep iPad software updated “for best performance, newer features and security”. Via a conveniently provided link, the email instructs iPad users to download the latest version of iTunes software to their PCs as a preliminary step to update their iPad software. The download page to which users are directed is a perfect imitation of the one they would use for legitimate iTunes software downloads.
Identified by BitDefender as Backdoor.Bifrose.AADY, this piece of malicious code inadvertently downloaded injects itself in to the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system.
Moreover, Backdoor.Bifrose.AADY attempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim’s ICQ, Messenger, POP3 mail accounts, and protected storage.
Protecting yourself from this nasty is easy - don't click on download links offered to you in spam email.
It's interesting that hackers are choosing to target Windows-based iPad owners, rather than those users on Mac OS X. Proof positive that Windows users are still considered low-hanging fruit.