Amazon, Amazon Music, and the Amazon-owned Audible audiobook and podcast service are being used to lure people to various illicit sites that promote suspicious schemes.
The news comes soon after a report revealed that threat actors have been exploiting Spotify to distribute pirated software, game cheats, and spam links. Now, Amazon’s music and podcast services are being abused to urge people to follow external links, leading them to dubious sites and Telegram channels. There, victims are encouraged to participate in suspicious “forex trading” schemes and even download pirated software via a bunch of links to “warez” sites.
Threat actors achieve this by adjusting playlist names and podcast descriptions, even creating bogus episodes of shows. This is no small feat, as it requires actually uploading content to Amazon’s systems, filling out metadata, and so on.
One Amazon Music listing that surfaced from Google search results invited people to “download book map… final full crack.” Aside from Amazon Music and Audible, listings for things like “bot trading software” have also been discovered on several Amazon domains, including amazon.com, amazon.co.uk, and amazon.com.au, with external links leading to suspicious sites.
In some cases, bogus podcast episodes are zero seconds long. As Google’s crawler picks up these bogus listings, they appear in search results and boost spammy domains’ rankings. Some of the bogus listings are linked to YouTube channels, where victims are further exploited and sent off to so-called “trading” marketplaces, which are anything but.
Amazon has always been a preferred target for spammers due to its size and reach, but this is the first time we have seen media listings being leveraged to drive traffic to illicit sites. Companies like Amazon, Apple, and Google permit content creators to upload their content for inclusion in their online stores and services.
In many cases, platforms use third-party services for podcast publication and distribution, making it more difficult for platform owners to catch bogus content. In this example, threat actors seem to have exploited a service called Firstory to promote illicit sites on multiple streaming platforms simultaneously.
Nevertheless, it’s somewhat surprising that seemingly no checks are in place to prevent threat actors from uploading link-laden content. If anything, this sounds like something AI could help with.
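The kind of upload-time check the article finds missing could be quite simple. The following is an added illustration, not code from Amazon, Audible or Firstory: it scores constructed podcast episode metadata on the indicators the article describes (zero-second audio, external links in descriptions, lure vocabulary such as "crack" or "forex"). The `Episode` record, the `TRUSTED_HOSTS` allow-list and the `LURE_TERMS` list are assumptions for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical first-party hosts; any other host in a listing counts as "external".
TRUSTED_HOSTS = {"amazon.com", "music.amazon.com", "audible.com"}
# Lure vocabulary from the article; a production filter would use a maintained list.
LURE_TERMS = ("crack", "warez", "forex", "bot trading", "telegram")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


@dataclass
class Episode:
    title: str
    description: str
    duration_seconds: int


def external_hosts(text):
    """Return the set of hostnames linked from text that are not on the allow-list."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
            hosts.add(host)
    return hosts


def flag_episode(ep):
    """Return the reasons an episode looks like link-spam; an empty list means clean."""
    reasons = []
    text = (ep.title + " " + ep.description).lower()
    if ep.duration_seconds == 0:
        reasons.append("zero-length audio")
    hosts = external_hosts(text)
    if hosts:
        reasons.append("external links: " + ", ".join(sorted(hosts)))
    hits = [t for t in LURE_TERMS if t in text]
    if hits:
        reasons.append("lure terms: " + ", ".join(hits))
    return reasons


def triage(episodes):
    """Map the title of every flagged episode to its list of reasons."""
    return {ep.title: r for ep in episodes if (r := flag_episode(ep))}


# Constructed sample listings; none of these are real episodes or domains.
SAMPLE = [
    Episode("Weekly interview, ep. 12", "Guest talks about audio engineering.", 2710),
    Episode("Download book map final full crack",
            "Get it at https://example-warez.invalid/dl or https://t.me/example_channel", 0),
    Episode("Bot trading software review", "Signals at https://example-forex.invalid", 15),
]
```

Running `triage(SAMPLE)` flags the two spam-like entries and leaves the genuine interview untouched; the reasons list is what a reviewer would want attached to a held upload.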
Source: Bleeping Computer