Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Author Archive - Ruby Santos (Fraud Analyst)

    With the recent release of the PlayStation 4 in North America and the upcoming release of the Xbox One, November is fast becoming an exciting month for gamers. However, it appears that they aren’t the only ones looking forward to these launches. We spotted several survey scams that took advantage of the buzz surrounding the two consoles.

    Demand for these consoles is sure to be high – the PS4 has already sold one million units within 24 hours of its launch. Unsurprisingly, cybercriminals are already using giveaways  to trick users. We found a Facebook page that advertised a PS4 raffle. Users were supposed to visit the advertised site, as seen below:

    Figure 1. Facebook page advertising the giveaway

    The site urges users to “like” or “follow” the page, and then share it on social media sites. This could be a way for scammers to gain a wider audience or appear more reputable.

    Figure 2. Website with giveaway details

    Afterwards, users are required to enter their name and email address. Instead of a raffle, they are led to a survey scam:


    Figure 3. Survey scam site

    Figure 4. Final survey scam

    Scams are also using the Xbox One as bait. However, the site for this scam is currently inaccessible. Since the Xbox One has yet to be released, scammers could be waiting for the official launch before making the site live.

    Figure 5. Xbox promo page

    The scams were not limited to Facebook. We spotted a site that advertised a Xbox One giveaway. Like the PS4 scam, users are encouraged to promote the giveaway through social media. Once they click the “proceed” button, they are led to a site that contains a text file they need for the raffle. But like other scams, this simply leads to a survey site.

    Figure 6. Xbox One giveaway scam site

    Figure 7. Survey scam site

    Product launches have become a tried-and-tested social engineering bait. Earlier in the year, we saw scams that used Google Glass as a way to trick users. Early last year, the launch of the iPad 3 became the subject of many scams and spam. Users should always be cautious when it comes to online raffles and giveaways, especially from unknown or unfamiliar websites. If the deal seems too good to be true, it probably is. Gaming consoles are just some of the most popular items bought online that can lead to security risks.

    Trend Micro protects users from these threats by blocking all sites related to these scams. The Facebook pages referred to in this post are still currently online. We are also still on the lookout for related and similar threats, which will also be blocked as appropriate.

    Posted in Bad Sites | Comments Off on PlayStation 4 and Xbox One Survey Scams Spotted

    With Halloween just around the corner, everyone’s thinking about costumes and candy – including cybercriminals. We found several scams taking advantage of the upcoming holiday on popular sites like Facebook, Twitter, and YouTube.

    The scams we saw used free Halloween products as bait. Searching for the phrase “Halloween GET FREE” leads to a suspicious YouTube video:

    Figure 1. Suspicious YouTube video

    The URL advertised on the video’s page leads users to a scam site that asks for your personal information, including your email address.

    Figure 2. Scam site

    Figure 3. Survey scam

    Using similar keywords on Twitter yielded two suspicious accounts. Each account had a Halloween-themed Twitter handle, perhaps to entice users into checking out the accounts.

    Figure 4. Two suspicious Twitter accounts

    Each account advertises free Halloween candy with a corresponding URL to get the said candy. The advertised website leads users to survey scams, rather than candy.

    Facebook also became home to a Halloween-themed survey scam. We spotted a Facebook page that advertises free Halloween candy, like the scam on Twitter. To get the candy, users are supposed to click a link on the page.

    Figure 5. Website advertising free candy

    But much like the other scams, this simply leads to a survey site. It’s interesting to note that users are directed to the page used in the YouTube scam mentioned earlier. To further entice users, the site promises Apple products in exchange for finishing the survey.

    Figure 6. Apple products as “reward” for completed surveys

    It might be tempting to get free stuff online, but users should always be cautious when encountering these types of promos or deals. Cybercriminals are willing to promise anything and everything just to get what they want. When encountering deals that are too good to be true, users should err on the side of caution and assume that they are.

    Trend Micro protects users from this threat by blocking the websites involved in these scams. We are also still on the lookout for related and similar threats, which will also be blocked as appropriate. For more information about the Halloween-related scams and other scary facts about online threats, you may can check out our infographics here and here.

    With additional insights from Maela Angeles

    Posted in Bad Sites | Comments Off on Halloween Freebies Lead to Ghastly Survey Scams

    The original Plants vs. Zombies game enjoyed a lot of popularity back then when PopCap Studios released it on the iOS in 2010, and on the Android in 2011. Now, with the approaching release of its sequel (soft-launched in New Zealand and Australia), cybercriminals have already begun taking advantage of the hype.

    The first trickle of threats came at around July 16, 2013. We discovered a survey scam website, hosted by Blogger, and linked from a YouTube video page. The website was found to be a typical survey scam with no malware tied to its bait.



    More PvZ2-related threats popped up in our radar after that. Up to July 22, we discovered no less than seven of them in Google Play alone, either as a fake app download or a ‘downloader’ for the app itself. One of them was detected to be a fake app that pushed malicious ads to the user. This is detected as ANDROIDOS_FAKEZOMB.A. We expect to find more in the coming days.



    Google has been commendably quick in handling the threats found in Google Play, however. As of this writing, all of the fake apps have been stricken from the site itself, and the fake ‘developers’ offering them up for download suspended. Similar scams and frauds have also been found to be suspended within 24 hours of being put up in the app market.

    The existence of these threats and the social engineering behind them is nothing new – we’ve reported incidents such as these in the past, with them targeting games like Candy Crush, Bad Piggies and Temple Run. But what’s to take note here are the patterns emerging with each fake app download scam we see in Google Play.  These are:

    • The usage of popular, up-and-coming sequels to high-profile game apps already available in the iOS App Store but not yet in Google Play
    • The fake apps asking for 5-star ratings and reviews before they could be ‘played’
    • The fake apps are free of charge, in contrast to the legitimate apps which cost money

    The first two are self-explanatory – they are designed to make the app more attractive for users to download. The third could also be considered as a similar tactic, but there is another  reason for this – and that’s due to app developers needing to register a Google Wallet account first before they can set their app as a paid app, a compulsory rule in Google Play’s set of policies and agreements. This could be construed as cybercriminals trying to avoid having their fraudulent developer accounts to be traced back to them.

    This could mean that Google could possibly make the Google Wallet registration compulsory for all developers wishing to release apps on Google Play. This can serve as identification and proof of legitimacy for legitimate developers, and also a deterrent to cybercriminals.

    Android may still be plagued with malware, but Google is certainly stepping up their efforts in helping combat its continuous rise. However, users should not become complacent, as the safety of their mobile devices is their main responsibility as owners. The standard rules of safe app downloading still applies – only download from verified first-party sources. Avoid sideloading or downloading from suspicious ‘developers’ or unauthorized parties.

    For more information about the latest on mobile threat and security, you may visit Mobile Threat Information Hub. Trend Micro Mobile Security Personal Edition also provides protection for your Android device by detecting malicious and high-risk apps.

     Additional analysis by Paul Pajares, Karla Agregado, Veo Zhang and Yang Yang

    Posted in Bad Sites, Malware, Mobile | Comments Off on Cybercriminals Capitalize on Plants vs. Zombies 2 Hype

    Cybercriminals tend to leverage what’s popular and new. Case in point, the much-anticipated Google Project Glass is being used as a social engineering lure to trick unsuspecting users into scams.

    We found that one of the top results for the search term “free Google glasses” is an eye-catching YouTube link with the title [{FREE}] Google Project Glass [[FREE GOOGLE GLASSES]:

    Figure 1. Search results for ‘free Google glasses’

    The video was copied from the original Google Glass YouTube advertisement. The YouTube video also contains information on how to get the Google Glass for free as seen in the screenshot below:

    Figure 2. Youtube video

    Read the rest of this entry »

    Posted in Bad Sites, Social | Comments Off on Cybercriminals Hop On the Google Project Glass Bandwagon

    The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point, social networking sites have been often used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites.

    Users encounter this threat by being tagged in a photo posted by one of their contacts on Facebook. The post states that users can know who visited their profile on Faceboofk and how often. It also includes a photo posted via Instagram.

    We noticed that the photo and the names used in the “Recent Profile Views” (see below) are used repeatedly for other attacks.

    Should users decide to click the link, they are lead to a page with instructions on how to generate the verification code. Once done, a pop-up window appears, which is actually the Instagram for Facebook app asking users to click “Go to App” button. Once done, it redirects users to a page that looks like the Facebook Home page.

    Read the rest of this entry »



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice