The popular photosharing app Instagram is the latest social networking site targeted by the ubiquitous survey scams seen on Facebook and Twitter. This time, we found that these survey scams may also lead users to download an Android malware.
I found the following accounts who wanted to ‘follow’ me on Instagram. This is the standard if your Instagram account is set to private. While checking these requests, the security researcher inside me noticed something off with some of the accounts.
Figure 1. Screenshot of Instagram request
To validate my suspicions, I checked the page of these Instagram accounts and noticed that they all posted this “Get Free Followers!” photo. This post reminded me of the Pinterest free items promo survey scam we blogged in the past.
Figure 2. Get Free Followers Post on Instagram
Another thing that I found dubious is that these Instagram followers have repetitive account names like “Tawna Tawna” and “Concetta Concetta”.
Figure 3. Screenshot of sample spamming account
Given these suspicious signs, I then checked this “Get Free Followers” picture (which is actually clickable) and was lead to this page that supposedly offers the “Get Followers” app. This app is detected by Trend Micro as ANDROIDOS_GCMBOT.A, which can be used to launch malicious webpages or send SMS from the device.
Figure 4. Page offering ‘Get Free Follower’ app
Whether users download the said app or not (in my case, I tried to), in the end they are redirected to your run-of-the-mill survey scams. Since Instagram can also be accessed via a PC, we tried to access the malicious website and survey scam using a desktop. Fortunately, this ruse didn’t work.
Cybercriminals profit from these survey scams via ad-tracking sites, which users are redirected to before the actual survey page. Plus, these bad guys can also use the data gathered from these scams by either peddling them to other cybercriminal groups or using them in their future schemes.
Facebook, Pinterest, Tumblr, and now Instagram. The people behind these scams are jumping on every popular networking sites and potential engineering hooks like the Google Glass contest. To protect yourself against this scam, you must always double-check posts on your social media accounts, even if they come from friends, family members, or known acquaintance. Caution is your best defense. Trend Micro protects users from this threat by blocking the related URLs.
To know more about how these scammers (or online crooks in general) use and benefit from your data, you can check out our infographic How Cybercriminals Are Getting Better At Stealing Your Money.
We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.