Researchers at Bleeping Computer have discovered malicious links on two Amazon services. As explained in their report, the affected services are the streaming music platform Amazon Music and the audiobook and podcast platform Audible. Fraudulent links have also been detected on amazon.com, amazon.co.uk and amazon.com.au.
Some ads appearing on Amazon Music, Audible, and Amazon ecommerce promote dubious “currency trading” pages, Telegram channels, and suspicious sites promising pirated software.
As Bleeping Computer puts it, “no digital platform open to everyone is immune to spam.” In fact, they recently discovered similar fraudulent practices on Spotify. In that case, threat actors planted playlist names, podcast descriptions, and fake episodes in the listings to encourage listeners to visit malicious external links.
Examples of spam distribution through Amazon
Bleeping Computer has found several cases in which cybercriminals are using Amazon's platforms to spread links suspected of being malicious. One example is a playlist on Amazon Music (Colombia) that claims to offer a pirated download of “bookmap 7.3.0”, a trading platform. In reality, it seems to hide malware.
There are also listings on amazon.com and amazon.com.au that supposedly offer “bot trading software.” These listings provide several external links that lead to Telegram channels which, according to Bleeping Computer experts, are fraudulent.
On Audible, they have seen several podcast episodes that were zero seconds long. “These listings had no purpose other than to flood Amazon’s digital properties in an attempt to improve search engine rankings for spam domains, a technique known as SEO poisoning,” the experts explain in the report.
Bleeping Computer researchers shared one of the example listings discovered with Amazon and Audible. The company immediately deleted it, but did not respond to questions.
EliteMarketMovers
Many of the links spread through Amazon platforms mention a suspicious “commercial platform” called “EliteMarketMovers.” Some listings encourage users to join Telegram or YouTube channels associated with this platform.
The cybercriminals also had a domain, “elitemarketmovers.com”. It is no longer responding, possibly due to poor server configuration. However, Bleeping Computer has accessed archived copies of the website, which offered downloads of various “trading pairs” and “top Forex robots” products.
According to the article, there is little indication that these are real and regulated programs. Users who download them would most likely end up putting malware on their devices.
“Developed by Firstory”
Another recurring pattern suspected of being malicious is that many Spotify and Amazon listings encourage users to download programs, indicating that they are developed by Firstory. Firstory is an online service that was born in 2019 to “empower podcasters around the world to distribute everywhere and start connecting with audiences.”
Currently, Firstory can be used to publish podcasts to Spotify. The company itself is not behind the spam detected on the aforementioned platforms, however; that comes from fraudulent advertisements.