searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Videos
  • Events
  • Whitepapers
  • Industry news
  • Product showcase
  • Newsletters
Zeljka Zorz
Zeljka Zorz, Editor-in-Chief, Help Net Security
March 21, 2017
Share

Offer of nude celeb photos turns Twitter users into spammers

If not careful, Twitter users who are dead set on seeing nude photos of WWE star Paige will end up on marketers’ spam lists and with their own Twitter account pushing out messages leading other users to the same scam they fell for.

How the scam unfolds

The road to compromise starts with tweets offering the aforementioned photos and videos, and a bit.ly (shortened) link. Some of the tweets note in advance that the user will have to “Acept (sic) the App First”.

Users who follow the link – and so far nearly 7,000 users did – will land on a page that requires them to enter their Twitter username and password to authorise an app named “Viral News” to use their Twitter account:

nude celeb photos Twitter spammers

It is written plainly that the app will be able to post tweets on behalf of the user, but apparently that doesn’t worry many of them, although it should. As they are redirected to another web page once the app is installed, the app immediately begins tweeting from the victim’s account.

In the meantime, the user is redirected through several sites, and ultimately lands on an Amazon themed survey gift card page. He is instructed to enter his name and email address to be finally able to see the photos.

Malwarebytes’ Chris Boyd does not say whether, in the end, the user gets to see the photos or not. What is certain is that they have become a small cog in the machine that perpetuates this type of scam.

“As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers,” Boyd notes.

“Apart from the fact that these images have been taken without permission so you really shouldn’t be hunting for them, anyone going digging on less than reputable sites is pretty much declaring open season on their computers. Do yourself a favour and leave this leak alone. It probably won’t be long before the Malware authors and exploit slingers roll into town.”

More about
  • account hijacking
  • spam
  • Twitter
Share this

Featured news

  • Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)
  • Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations
  • Has Sony been hacked again?
Download: Ultimate guide to Certified in Cybersecurity

Sponsored

eBook: 9 Ways to Secure Your Cloud App Dev Pipeline

Free entry-level cybersecurity training and certification exam

Guide: Attack Surface Management (ASM)

Don't miss

Guide: SaaS Offboarding Checklist

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

Has Sony been hacked again?

Are developers giving enough thought to prompt injection threats when building code?

Cybersecurity news
Help Net Security - Daily information security news with a focus on enterprise security.
© Copyright 1998-2023 by Help Net Security
Read our privacy policy | About us | Advertise
Follow us