A New Batch of Voice Comms Stealers...

The “Kevin the Game Dev” Tumblr Spam Run

Say hello to “Kevin“.

He can’t help but send multiple spam comments to Tumblr users, asking them to try a game he’s been “working on”.

The messages are all mostly the same, except for the name of the company he supposedly works at and the game he’s asking people to try out.

As best we can tell, the games mentioned are real MMORPG titles but it seems clear that this person has nothing to do with games development and is riding on their coat-tails. Some of the URLs used in this spamrun include the following:

vyromanes(dot)tumblr.com tengoton(dot)tumblr.com pikushiika(dot)tumblr.com demployin(dot)tumblr.com sotsumakuji(dot)tumblr.com suikaishi(dot)tumblr.com tajudicia(dot)tumblr.com

As for the spam messages themselves, they’re all pretty similar.

One message reads:

Hi, I am Kevin. I am a game programmer at GTArcade. I am lounching(sic) a impressive new game called Legue(sic) of Angels. I want you to be one of the first one to checkout the latest release and say what you think. Every third palyer will win a game T-shirt! Please try it is very important for me!! Go to my BLOG TO PLAY. Let my know if you liked would be interested to chat

Another one reads:

Hi, I am Kevin. I am a game programmer at 4Tech. I am lounching a impressive new game called Legue of Angels. [snip]

Well, he still can’t spell “League” but the company name certainly changed. One more:

Hi, I am Kevin. I am a game programmer. I want to present you a impressive (sic) new game called Wartune. I want you to be one of the first one to checkout the latest release and say what you think. Please try it is very important for me!! Go to my BLOG TO PLAY.Let my know if you liked:) Thanks friend!

The blogs (some of which have been deactivated) are a bizarre mish-mash of non-game related tattoo artistry, with a “click here” button sitting just above them. As you can see from the screen below, the affiliate link for whoever is doing this spamrun is in the bottom left hand corner.

Kevin!

In testing, clicking the buttons took us to a variety of locations. Some pages linked us to sign ups for the games mentioned, such as League of Angels. Others took us to offers / sign-ups. Here’s an example:

Survey

We didn’t see any installs during testing – what we did see were sign-ups for such as TV streaming, surveys for iPads which lead to forms asking for PII and so on.

It looks as though Tumblr are wise to this scam and are currently killing off a few more of the spam blogs at time of writing. If you see any messages from dear old Kevin landing in your Inbox, just hit delete and move on.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.