Getting cheaper prices during Black Friday will not always bring you the best deals. Be vigilant and don't fall victim on the latest scam that recently hit Amazon.

Security firm Zscaler Research discovered a firmware that allegedly offers consumers an early access to Black Friday and Cyber Monday deals. Disguised as "Amazon.com Black Friday deals app," the said malware will collect personal data from a user who downloads the app. Consumers can be caught unaware as the said malware has used "cyber squatting" in order to portray the site as legitimate.

 

Downloading the app may not immediately post a threat on the user. However, if you are an observant user, the installation process will quickly raise some red flags. The start of the installation will immediately reload another app, "com.android.engine." Once loaded, it will ask the user some subtly risky permission, wherein the user may find it normal for a newly downloaded app. Subsequently, the Amazon.com app will post annoying error messages that all comes down to the app not being installed properly. The persistent message will prompt the user to just eventually remove or uninstall the app, not knowing that the "com.android.engine" still runs on the background.

The malicious app, while running on the background, will continue to receive personal data from the platform such as the user's bookmarks, browser history, inbox messages, call logs and even the callers' numbers. The user's contact information is also exposed and can be readily collected by the malware.

To know whether the malware is still running on your device after supposedly removing it, you can go to your device's Settings>App>Running Applications. If you can still see the suspicious app running on the background, you are still vulnerable to the malware. Zscaler Research warns consumers to always download apps from legitimate sites such as the Google App Store.

According to Yahoo! Tech, some of the threats that could actually rack up the user include huge charges on bills caused by the malware's auto dialing phone lines. It is also important to remember that the initial warning of the malware has already been there, downloading it from a third-party source instead of the Google Play Store.

Although there is no confirmed evidence on where the attackers intend to use the collected data, Yahoo! said that they can be used for ransom depending on the type of information they stole. The news outlet also advises users to always get apps from legitimate sites such as the apps stores.

Have you encountered the Amazon scam recently? Share your experience below.