{"id":7038,"date":"2017-03-20T06:11:29","date_gmt":"2017-03-20T14:11:29","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/20\/news-829\/"},"modified":"2017-03-20T06:11:29","modified_gmt":"2017-03-20T14:11:29","slug":"news-829","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/20\/news-829\/","title":{"rendered":"Twitter app spams Fappening bait and Amazon surveys"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 20 Mar 2017 13:37:07 +0000<\/strong><\/p>\n

With news of another so-called Fappening (nude photos of celebrities distributed without permission)\u00a0doing the rounds<\/a>, it was inevitable that scammers would look to take advantage. We\u2019ve already seen message board aficionados warn others of dodgy download links and random Zipfiles claiming to contain stolen nude photos and video clips, but today we\u2019re going to look at one specific spam campaign aimed at Twitter users.<\/p>\n

The daisy chain begins with multiple links claiming to display stolen images of Paige, a well known WWE wrestler, caught up in the latest dump of files. With regards to two specific messages, we saw close to 300 over a 24 hour period (and it’s possible there were others we didn’t see). These appear to have been the most common, however.<\/p>\n

\"app<\/a><\/p>\n

\"search<\/a><\/p>\n

The messages read as follows:<\/p>\n

\n

1)<\/strong> “VIDEO: WWE Superstar Paige Leaked Nude Pics and Videos”<\/em><\/p>\n

2)<\/strong> “Incredible!!! Leaked Nude Pics and Videos of WWE Superstar Paige!!!!: [url] (Acept the App First)”<\/em><\/p>\n<\/blockquote>\n

Well, that doesn\u2019t sound suspicious at all.<\/p>\n

The Bit(dot)ly link, so far clicked close to 7,000 times, resolves to the following:<\/p>\n

twitter(dot)specialoffers(dot)pw\/funnyvideos\/redirect(dot)php<\/p>\n

That smoothly segues into\u00a0an offered Twitter App install tied to a site called Viralnews(dot)com.<\/p>\n

\"app<\/a><\/p>\n

The app permissions are as follows:<\/p>\n

\n

This application will be able to:<\/em><\/strong><\/p>\n

Read Tweets from your timeline.<\/em>
See who you follow, and follow new people.<\/em>
Update your profile.<\/em>
Post Tweets for you.<\/em><\/p>\n

Will not be able to:<\/em><\/strong><\/p>\n

Access your direct messages.<\/em>
See your email address.<\/em>
See your Twitter password.<\/em><\/p>\n<\/blockquote>\n

We’ll come back to the app later, but as far as the Viralnews goes, it appears to play\u00a0no part in what lies ahead (and looks like a very retro linkdump site). Once the app is installed, would-be picture viewers are sent to a site located at<\/p>\n

specialoffers(dot)pw\/paige-leaked-video<\/p>\n

\"landing<\/a><\/p>\n

The site\u00a0reinforces the idea that salacious stolen imagery is on the way – except that the site quickly greys out and makes it clear you have to click yet another link to continue. It\u2019s another bit(dot)ly (highlighted in the bottom left hand corner), which (after another redirect) took us\u00a0to the following URL:<\/p>\n

brazzershd(dot)co\/PaigeVideos<\/p>\n

\"promo<\/a><\/p>\n

We have a landing page, still promising stolen images (and indeed, serving one up) with the continuing promise of more to come. From the blurb:<\/p>\n

\n

1<\/strong> First Click on the Bottom Download<\/em>
2<\/strong> Then you will be redirected to an Amazon Giftcard Website where you have to Leave your Email<\/em>
3<\/strong> Leave your Email in the Blank Box to win an Amazon Giftcard and Click on SUBMIT<\/em>
4<\/strong> Then You will be Redirected to a MEGA Download where you could Download Paige Leaked Videos and Photos<\/em><\/p>\n<\/blockquote>\n

As per the screenshot, there’s one final redirect URL (a bit(dot)do address) which took us\u00a0to an Amazon themed survey gift card page. Suffice to say, filling this in hands your personal information to marketers – and there’s no guarantee you’ll get any pictures at the end of it (and given the images have been stolen without permission, one might say the people jumping through hoops receive their just desserts in the form of a large helping of “nothing at all”).<\/p>\n

\"amazon<\/a><\/p>\n

At this point, it’s time to return to the app and see what it’s been up to on the Twitter account we installed it on:<\/p>\n

\"twitter<\/a><\/p>\n

Automated spam posts, complete with yet more pictures used as bait.<\/p>\n

As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers. Apart from the fact that these images have been taken without permission so you really shouldn’t be hunting for them, anyone going digging on less than reputable sites is pretty much declaring open season on their computers. Do yourself a favour and leave this leak alone. It probably won’t be long before the Malware authors and exploit slingers roll into town.<\/p>\n

Christopher Boyd<\/p>\n

The post Twitter app spams Fappening bait and Amazon surveys<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 20 Mar 2017 13:37:07 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
With news of another so-called Fappening (nude photos of celebrities distributed without permission)\u00a0doing the rounds, it was inevitable that scammers would look to take advantage. We\u2019ve already seen message board aficionados warn others of dodgy download links and random Zipfiles claiming to contain stolen nude photos and video clips, but today we\u2019re going to look…<\/p>\n

Categories: <\/p>\n