Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    The popular photosharing app Instagram is the latest social networking site targeted by the ubiquitous survey scams seen on Facebook and Twitter. This time, we found that these survey scams may also lead users to download an Android malware.

    I found the following accounts who wanted to ‘follow’ me on Instagram. This is the standard if your Instagram account is set to private. While checking these requests, the security researcher inside me noticed something off with some of the accounts.

    instagram-surveyscam-1

    Figure 1. Screenshot of Instagram request

    To validate my suspicions, I checked the page of these Instagram accounts and noticed that they all posted this “Get Free Followers!” photo. This post reminded me of the Pinterest free items promo survey scam we blogged in the past.

    instagram-surveyscam-2

    Figure 2. Get Free Followers Post on Instagram

    Another thing that I found dubious is that these Instagram followers have repetitive account names like “Tawna Tawna” and “Concetta Concetta”.

    instagram-survey-scam-3

    Figure 3. Screenshot of sample spamming account

    Given these suspicious signs, I then checked this “Get Free Followers” picture (which is actually clickable) and was lead to this page that supposedly offers the “Get Followers” app. This app is detected by Trend Micro as ANDROIDOS_GCMBOT.A, which can be used to launch malicious webpages or send SMS from the device.

    instagram-survey-scam-4

    Figure 4. Page offering ‘Get Free Follower’ app

    Whether users download the said app or not (in my case, I tried to), in the end they are redirected to your run-of-the-mill survey scams. Since Instagram can also be accessed via a PC, we tried to access the malicious website and survey scam using a desktop. Fortunately, this ruse didn’t work.

    Cybercriminals profit from these survey scams via ad-tracking sites, which users are redirected to before the actual survey page. Plus, these bad guys can also use the data gathered from these scams by either peddling them to other cybercriminal groups or using them in their future schemes.

    Facebook, Pinterest, Tumblr, and now Instagram. The people behind these scams are jumping on every popular networking sites and potential engineering hooks like the Google Glass contest. To protect yourself against this scam, you must always double-check posts on your social media accounts, even if they come from friends, family members, or known acquaintance. Caution is your best defense. Trend Micro protects users from this threat by blocking the related URLs.

    To know more about how these scammers (or online crooks in general) use and benefit from your data, you can check out our infographic How Cybercriminals Are Getting Better At Stealing Your Money.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice