Fake iTunes gift certificate offer carries malware

As the holiday shopping season is poised to start in the U.S. with tomorrow’s Black Friday, users are advised to be extra careful when it comes to too-good-to-be-true offers landing in their inboxes.

An example of this is a current spam email campaign that notifies them of having been the lucky recipient of a $50 gift certificate for iTunes:

“The spoofed email is purportedly from the iTunes Store, the subject line reads iTunes Gift Certificate, and the message includes an attachment that supposedly contains a certificate code,” warns Sophos.

Unfortunately, the zipped attachment is actually a variant of the backdoor-opening, information-stealing piece of malware detected by Sophos as Mal/BredoZp-B.