BitDefender wrote today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.
“A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads,” BitDefender said.
“Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, instead of the promised iTunes update they get malware on their systems.”
It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.