Amazon and Audible flooded with 'forex trading' and warez listings

by BleepingComputer

Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.

Amazon listings promote illicit sites

Yesterday, BleepingComputer reported how threat actors were abusing Spotify playlists and podcasts to promote pirated software and game cheats.

The playlist names, podcast descriptions, and bogus "episodes" in these listings urged listeners to visit external links to dubious websites.

We have now come across several listings on Amazon's websites, including amazon.com, amazon.co.uk, amazon.com.au, and Amazon Music, that promote dubious "forex trading" schemes and link to "warez" sites.

Spammers are additionally abusing Audible podcasts as another vector to promote their illicit operations.

No digital platform that's open to all is immune to spam. What makes the cases involving Spotify and Amazon particularly interesting is that one would instinctively expect the overhead associated with podcast and digital music distribution to deter spammers, who would otherwise rely on low-hanging fruit such as writing spammy social media posts or uploading YouTube videos with tainted descriptions.

An Amazon Music (Colombia) listing that appears in Google search results for "download bookmap... final full crack" is shown below:

An Amazon Music listing with links to software cracks or "warez" sites (BleepingComputer)

Similarly, Amazon websites, including amazon.com and amazon.com.au, were caught serving listings for "bot trading software" laden with external links.

Amazon listing for 'bot trading software' offered 'crack free' (BleepingComputer)

BleepingComputer observed the length of the audio "episodes" published under these "podcasts" was zero seconds. As such, these listings served no purpose other than flooding Amazon's digital properties in an attempt to boost the search engine ranking for spammy domains, a technique referred to as SEO poisoning.

SEO poisoning using Amazon's domains (BleepingComputer)

BleepingComputer reached out to Amazon and Audible with our questions and shared one of the example listings with Amazon well in advance of publishing.

Amazon removed the example listing across its websites but did not respond to our questions.

'Trading' marketplaces and Telegram channels

A common trend we observed among many such listings was the mention of a dubious "trading platform" called EliteMarketMovers.

'EliteMarketMovers' mentioned repeatedly in listings (BleepingComputer)

Some listings send users off to the Telegram and YouTube channels of this "marketplace."

Telegram channel (BleepingComputer)

While the "EliteMarketMovers.com" domain no longer responds due to a likely server misconfiguration, we peeked into the archived copies of the website:

'EliteMarketMovers' website retrieved from archives (Wayback Machine)

The website claims to offer several "trading pairs" and "top forex robot" products, but there's little indication or assurance that these are authentic offerings or that the platform is a licensed and regulated entity in your jurisdiction. 

A product being offered at EliteMarketMovers (BleepingComputer)

Spam an ongoing problem for podcast distribution services

As we explored yesterday, these listings, like several Spotify "podcasts," are abusing third-party podcast publication and distribution services to push their bogus products on high-ranking websites like Amazon.

BleepingComputer noticed an identical "Powered by Firstory" banner on these listings, implying the "podcast" producers are abusing Firstory to promote their operations across Amazon, Spotify, and other streaming platforms:

Powered by 'Firstory Hosting' banner (BleepingComputer)

Launched in 2019, Firstory is an online service designed to "empower podcasters in the world to distribute everywhere and start to connect with audiences!"

One can use Firstory to publish podcasts on Spotify, but the platform acknowledges that spam is an ongoing problem that it is focusing on curtailing.

"Spam accounts and content are ongoing challenges, and it's something we continue to focus on improving," wrote Firstory co-founder Stanley Yu to BleepingComputer in response to our questions yesterday.

Anyone can use Firstory to publish podcasts to streaming platforms.

"However, we do have certain filters in place to prevent accounts using specific fraudulent domains or email addresses containing variations such as account+[numbers]@gmail.com or '.' in emails."

"These spam accounts not only violate the rights of the creators we value most, but they also drive up our operational costs. We've dedicated considerable resources to addressing this issue," states Yu.

In addition to collaborating closely with streaming platforms, Firstory continues to report infringing content to platforms, employ technology to scan podcast titles and shownotes for specific spammy keywords, and block suspicious email addresses used by threat actors to pollute these platforms.
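The filters described above (Gmail alias variants at signup, spammy keywords in titles and shownotes) combined with the zero-second episode observation can be sketched as follows. This is an added example, not Firstory's or Amazon's code; the keyword list, threshold, function names, and sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed keyword list taken from terms quoted in the article; not Firstory's real list.
SPAM_TERMS = ("crack", "warez", "forex", "bot trading")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def canonical_email(addr):
    """Collapse Gmail alias variants (dots and +tags) to one mailbox key."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep:  # not an email address; return it normalized but unchanged
        return addr.strip().lower()
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def cluster_signups(emails, threshold=3):
    """Map each canonical mailbox to its variants when >= threshold were registered."""
    groups = defaultdict(set)
    for addr in emails:
        groups[canonical_email(addr)].add(addr.strip().lower())
    return {key: sorted(v) for key, v in groups.items() if len(v) >= threshold}

def score_episode(title, shownotes, duration_seconds):
    """Return the list of spam signals an episode listing triggers."""
    text = f"{title} {shownotes}".lower()
    reasons = [f"keyword:{term}" for term in SPAM_TERMS if term in text]
    if duration_seconds == 0:
        reasons.append("zero-length audio")
    if URL_RE.search(shownotes):
        reasons.append("external link in shownotes")
    return reasons

# Constructed sample data, not taken from any real account or listing.
SIGNUPS = [
    "sample.signup+101@gmail.com",
    "samplesignup+102@gmail.com",
    "s.a.m.p.l.e.signup@gmail.com",
    "host@podcast.example",
]
EPISODES = [
    ("Download ExampleApp final full crack", "Get it: https://spam.example/dl", 0),
    ("Episode 12: listener questions", "Thanks for tuning in.", 1840),
]

if __name__ == "__main__":
    print(cluster_signups(SIGNUPS))
    for title, notes, secs in EPISODES:
        print(title, "->", score_episode(title, notes, secs))
```

Any single signal is weak on its own (legitimate shows link out, and many people use plus-addressing), so a listing is better queued for review when several signals coincide than blocked on one.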