Worm Gazon, fake Amazon gift card is targeting Android users

Pierluigi Paganini March 11, 2015

Android Gazon malware redirects a potential victim to a webpage that promises an Amazon gift card if you install an APK file hosted on the page.

There is a new piece of malware called “Gazon”, and according to “adaptivemobile” already 4000 android users are infected.

“Gazon” was discovered on 25 of February and until yesterday no major vendor was detecting it.

The good news is that some of these vendors are now detecting Gazon, which means that most probably will prevent the continuation of the spreading.

“Gazon spreads via SMS with a shortened link to itself in the spam message, redirecting a potential victim to a webpage that promises an Amazon gift card if you install an APK file hosted on the page” states the post from Adaptivemobile.

The delivered message uses the base model:

Hey [NAME], I am sending you $200 Amazon Gift Card You can Claim it here : https://bit.ly/getAmazon[CENSORED]

Normally all this starts with a received SMS from a person (that normally have your contact). The SMS contains a link that leads you thinking that you are accessing an application that provides you with amazon rewards but what is actual doing is redirecting you to a page where it will be asking you to participate in a survey.

The smart thing about this malware, that in my opinion made it pass under the radar for some time until now is that it will not try to steal your credit card information, or your paypal, etc etc, what in fact will be doing is if you finish the first survey it will ask you or to download a game or to do another survey and by that you will keep clicking pages, and the author of the malware is earning money per click.

The tricky part of this malware (or wouldn’t be called malware), it’s his spreading vector, and by that I mean that the malware steals your contacts and sends a spam message for every single contact, being that message the same one that the infected user first received.

One curious thing discovered by our colleagues in Adaptivemobile, is that a piece of the malware code points to a Facebook account of a real person, a person that was already involved in WhatsApp spam.

I strongly believe that people need to have double care, nowadays when using their mobile phone, if possible always check and re-recheck whatever app you are thinking in downloading, and if you receive something odd (even from a friend) don’t risk it.

About the Author Elsio Pinto

Elsio Pinto is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Published by Pierluigi Paganini

(Security Affairs – Gazon Android malware, mobile)

Amazon Android Gazon malware mobile spam

Pierluigi Paganini July 04, 2025

A flaw in Catwatchful spyware exposed logins of +62,000 users

Pierluigi Paganini July 03, 2025