Twitter app spams Fappening bait and Amazon surveys

With news of another so-called Fappening (nude photos of celebrities distributed without permission) doing the rounds, it was inevitable that scammers would look to take advantage. We've already seen message board aficionados warn others of dodgy download links and random zip files claiming to contain stolen nude photos and video clips, but today we're going to look at one specific spam campaign aimed at Twitter users.

The daisy chain begins with multiple links claiming to display stolen images of Paige, a well-known WWE wrestler, caught up in the latest dump of files. We saw close to 300 instances of two specific messages over a 24-hour period (and it's possible there were others we didn't see). These two appear to have been the most common.

app spam

search result

The messages read as follows:

1) "VIDEO: WWE Superstar Paige Leaked Nude Pics and Videos"

2) "Incredible!!! Leaked Nude Pics and Videos of WWE Superstar Paige!!!!: [url] (Acept the App First)"

Well, that doesn't sound suspicious at all.

The Bit(dot)ly link, so far clicked close to 7,000 times, resolves to the following:

twitter(dot)specialoffers(dot)pw/funnyvideos/redirect(dot)php

That smoothly segues into an offered Twitter App install tied to a site called Viralnews(dot)com.

app install

The app permissions are as follows:

This application will be able to:

Read Tweets from your timeline.
See who you follow, and follow new people.
Update your profile.
Post Tweets for you.

Will not be able to:

Access your direct messages.
See your email address.
See your Twitter password.

We'll come back to the app later, but as far as Viralnews goes, it appears to play no part in what lies ahead (and looks like a very retro linkdump site). Once the app is installed, would-be picture viewers are sent to a site located at

specialoffers(dot)pw/paige-leaked-video

landing page

The site reinforces the idea that salacious stolen imagery is on the way – except that the site quickly greys out and makes it clear you have to click yet another link to continue. It's another bit(dot)ly (highlighted in the bottom left hand corner), which (after another redirect) took us to the following URL:

brazzershd(dot)co/PaigeVideos

promo splash

We have a landing page, still promising stolen images (and indeed, serving one up) with the continuing promise of more to come. From the blurb:

1 First Click on the Bottom Download
2 Then you will be redirected to an Amazon Giftcard Website where you have to Leave your Email
3 Leave your Email in the Blank Box to win an Amazon Giftcard and Click on SUBMIT
4 Then You will be Redirected to a MEGA Download where you could Download Paige Leaked Videos and Photos

As per the screenshot, there's one final redirect URL (a bit(dot)do address) which took us to an Amazon themed survey gift card page. Suffice to say, filling this in hands your personal information to marketers – and there's no guarantee you'll get any pictures at the end of it (and given the images have been stolen without permission, one might say the people jumping through hoops receive their just desserts in the form of a large helping of "nothing at all").

amazon giftcards
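One way to check web proxy logs for the redirect hosts described above, as an added example that is not part of the original article. It keeps the hosts in the article's defanged form and refangs them at run time; the log format, user names and timestamps are constructed, and the shared URL shorteners and Viralnews are deliberately left out of the match list.

```python
import re
from urllib.parse import urlsplit

# Hosts named in the write-up, kept in the article's defanged "(dot)" form.
# bit.ly / bit.do are shared shorteners and Viralnews plays no further part
# in the chain, so none of them are treated as campaign hosts here.
DEFANGED_HOSTS = [
    "twitter(dot)specialoffers(dot)pw",
    "specialoffers(dot)pw",
    "brazzershd(dot)co",
]

def refang(value: str) -> str:
    """Turn 'example(dot)com' or 'example[.]com' back into 'example.com'."""
    return re.sub(r"\s*(?:\(dot\)|\[dot\]|\[\.\])\s*", ".", value, flags=re.I)

CAMPAIGN_HOSTS = {refang(h).lower() for h in DEFANGED_HOSTS}

def host_of(url: str) -> str:
    """Extract the lower-cased hostname; accepts URLs with or without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def matches_campaign(url: str) -> bool:
    """True when the host is a campaign host or a subdomain of one."""
    host = host_of(url)
    return any(host == h or host.endswith("." + h) for h in CAMPAIGN_HOSTS)

def scan(log_lines):
    """Yield (user, url) for 'timestamp user url' lines (assumed log format)."""
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and matches_campaign(parts[2]):
            yield parts[1], parts[2]

# Constructed sample log, assembled from defanged values so no live link is written out.
SAMPLE_LOG = [
    "2000-01-01T10:01:02Z alice http://" + refang("twitter(dot)specialoffers(dot)pw/funnyvideos/redirect(dot)php"),
    "2000-01-01T10:01:09Z alice https://" + refang("SpecialOffers(dot)pw/paige-leaked-video"),
    "2000-01-01T10:02:30Z bob http://" + refang("brazzershd(dot)co/PaigeVideos"),
    "2000-01-01T10:03:00Z carol https://" + refang("notspecialoffers(dot)pw/"),  # lookalike, no match
    "2000-01-01T10:03:10Z carol https://example.org/?ref=" + refang("specialoffers(dot)pw"),  # host differs
]

if __name__ == "__main__":
    for user, url in scan(SAMPLE_LOG):
        print(user, url)
```

Matching on the parsed hostname rather than a substring of the whole URL is what keeps the last two sample lines from producing false positives.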

At this point, it's time to return to the app and see what it's been up to on the Twitter account we installed it on:

twitter spam pile

Automated spam posts, complete with yet more pictures used as bait.

As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers. Apart from the fact that these images have been taken without permission so you really shouldn't be hunting for them, anyone going digging on less-than-reputable sites is pretty much declaring open season on their computers. Do yourself a favour and leave this leak alone. It probably won't be long before the malware authors and exploit slingers roll into town.

Christopher Boyd

The post Twitter app spams Fappening bait and Amazon surveys appeared first on Malwarebytes Labs.


