As you may have already seen in the news, Jennifer Lawrence, Rihanna, and Kate Upton were just a few of the latest A-list celebrities who were hacked and had their private images and videos leaked to the public.
Users took to Twitter in reaction to this; the #IfMyPhoneGotHacked hashtag was created and then became a worldwide trend. We've waded through the seemingly endless stream of tweets and found these types of posts that may be deemed risky:
(1) The "Increase your followers!" post. These tweets use text images to spell out "Followers" and other text related to spammy posts in the past that advertise the selling of Twitter accounts to increase one's follower count. Instagram free followers led for a YouTube page that has long been taken down). Below are sample screenshots:
Clicking the big, red "Buy Now!" button redirects users to the page below, where it asks for an email address and a link to have the transaction paid via PayPal.
Although we can't see a way the group or individual behind these campaigns can swipe PayPal details, the combination of Twitter username and email address can be used by anyone to reset the password of an account if said account doesn't have two-factor authentication enabled. On top of this, there is also no guarantee that the Twitter followers bought are not bots. We generally don't condone the practice of buying accounts as it's highly risky.
(2) The fake "link to headline" post. Here's an example:
It seems numerous files are being offered up in rotation, and we detect the ones we've seen so far as a variant of PUP.Optional.Somoto. Somoto potentially unwanted programs (PUPs) are known to bundle third-party toolbars and hijack browsers.
One of our researchers visited one of the download links and he was directed to a page pretending to be from a legitimate adult website, which looks like this:
Bad guys know movie fans love a splash of celebrity controversy, and it's a hot-button opportunity they'll likely keep pressing. We've seen it happen again today. Dear Reader, when you follow a hot feed on Twitter, please take extra care when clicking links.
Jovi Umawing (Thanks to Steven Burn for additional analysis)