
Facebook Spam Leverages, Abuses Instagram App

  • Posted on: December 10, 2012 at 10:26 am
  • Posted in: Bad Sites
  • Author: Ruby Santos (Fraud Analyst)

The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point: social networking sites have often been used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites.

Users encounter this threat by being tagged in a photo posted by one of their contacts on Facebook. The post states that users can find out who visited their profile on Facebook and how often. It also includes a photo posted via Instagram.

We noticed that the photo and the names used in the “Recent Profile Views” (see below) are used repeatedly for other attacks.

Should users decide to click the link, they are led to a page with instructions on how to generate the verification code. Once done, a pop-up window appears, which is actually the Instagram for Facebook app asking users to click the “Go to App” button. Clicking it redirects users to a page that looks like the Facebook home page.

As seen in the screenshots below, the URL in the address bar differs from that of the legitimate Facebook homepage. Users are then asked to copy and paste the malicious URL (which varies per user) into a certain dialog box and to click ‘continue’.

Once users complete these steps, the album ‘Instagram Photos’ is generated using the Instagram for Facebook app, together with the post mentioned above. The post also contains a malicious link, which serves as the propagation mechanism.

The said link also checks the location of affected users. Victims located in India are redirected to a web advertisement/online deal site that asks for an email subscription, while those living in the Philippines, Pakistan, Egypt or Myanmar are redirected to a stalking tool that requires a subscription from the author.

It may also redirect to the websites {BLOCKED}pps.info/post.php and {BLOCKED}new.blogspot.in. Answering any of the questions given on these Web pages will lead users to the Social Buzz App for Facebook.

Based on our investigation, these spammed posts only appear on Facebook and not on Instagram. As such, whether or not affected users have Instagram accounts, the images will still be uploaded to Facebook. Moreover, if the album ‘Instagram Photos’ already exists, the spammed photo is posted in the said album, as seen below. We also found that this attack works on mobile devices and over secure connections such as HTTPS.

My colleague Paul Pajares checked the link to be copy-pasted to see how rampant this threat is. Based on this site, the link has so far gathered 825,545 clicks worldwide, mostly coming from the Philippines and India. The said link is attributed to the account maygup88, who is also responsible for 130 other blocked domains.

This type of threat on Facebook has taken on different forms these past months, usually under the veil of popular brands such as Diablo 3 and iPad. It even expanded to other social networking sites like Pinterest and Tumblr, which only means one thing: users are still falling for these scams. With this in mind, users are advised to take precautionary steps such as double-checking the legitimacy of links and posts. And remember: just because a contact posted that link, it does not mean it’s safe.

Trend Micro Smart Protection Network protects users from this threat by blocking the related sites.

With additional analysis from Fraud Analyst Paul Pajares

Tags: clickjacking, Facebook, instagram
