“Pinterest Tool” scam aimed at stealing login credentials

Last week we warned about fake “Password changed” emails targeting users of the popular photo-sharing website, but there has been a general uptick in Pinterest-themed scams and malware distribution schemes lately.

This week Finnish security professional Janne Ahlberg has described his encounter with a scam that tries to trick users into downloading a browser add-on that is purportedly needed to continue with the Pinterest browsing and to “enjoy more features”:

This “Pinterest Tool” is promoted via diet posts / spam on the website, which redirect users to the typo-squatting pinteresf.org domain where add-ons for Chrome and Firefox are pushed onto users.

Unfortunately for the victims, the plug-in is malicious: it collects usernames and passwords from the websites they visited and sends them to a remote server controlled by the scammer.

“I’m certain there are other similar attack tools,” says Ahlberg, and warns: “If you see similar kind of ‘tool’ offer, just close the browser window. Selecting ‘no thanks’ most likely leads to plug-in installation.”

It’s interesting to note that this is not the first time the “Pinterest Tool” is being offered to unsuspecting users. Almost exactly a year ago, IT pro Jason Hamilton detected and described an almost identical campaign.

At the time the scammer used a different redirection path, a different typo-squatting domain (pintrerets.com), a different wording of the pop-up message, and targeted only Firefox users (all others were redirected to the wanted recipe site).

“Grabbing the 2KB .xpi addon file from another browser and examining it as I learned with updating Firefox addons, I was able to see that the addon monitors when you load a page and inserts information into the header,” he wrote at the time, adding that it would also build a random domain and run a function with botnet in the name, as well as pull more files from the domain from which the “tool” is served to the victims.

“With Pinterest’s high click-through rate, it is likely to continue being a target in the future for delivering malware and misleading users,” he stated, and it turns out he was right.

It’s disheatening to see that these type of scams are still working and, unfortunately for all of us, will likely continue working in the foreseeable future.

Don't miss