Profile Stalker – an application that spams on Tumblr

Well, Chris Boyd over at GFI Software explains. Profile Stalker is the next evolution of Tumblr spam. “There’s an application currently spamming itself across Tumblr accounts, using the tried and tested bait of ‘profile stalking’,” he reported on the company blog this morning. The profile stalker lure is compelling. Who wouldn’t want to know who’s been visiting their account? It’s been used in one way or another as scam bait on all of the social networks.

But this is a bit different. “Unlike other profile stalker scams we’ve seen where the so-called ‘app’ is really just a cookie-cutter website with a survey, this one is a cookie-cutter website with a survey and an installable application.” The damage is done at the installation step, specifically the screen that asks the user to “Grant this application read and write access to your Tumblr account.” Once that permission has been granted, the scammer can write his own posts, usually surveys, to the victim’s Tumblr blog under the victim’s name.

First came spam via compromised accounts, “say, a phish that resulted in spamposts via compromised credentials,” explains Boyd. These could be stopped simply by resetting the victim’s password. “After that,” says Boyd, “the scammers started to make use of the ‘post by email’ feature.” Once the scammers had the victim’s secret posting address, they could carry on spamming no matter how many times the password was changed; only changing the ‘post by email’ secret address cut them off.

“Now we have rogue apps spamming, which is yet another way to end up with lots of confused Tumblr users asking ‘how do I stop this and where are my kitten gifs?’”, he explains. And then he provides the answer. A password reset does not help here, because the rogue app posts with the access it was granted rather than with the victim’s password. gr8brittyn and every other Tumblr user who has fallen for the Profile Stalker scam needs to click the cog-like settings button and then click ‘Revoke access’ next to the Profile Stalker icon. And it’s gone.

But, he warns, this might be just the beginning. “Seeing applications become part of the battle is an interesting twist and it’s likely that this will be a new and exciting way to keep you from angry fandom posts and rageface memes for the foreseeable future.”