Nude pics of celebs would appear to the cyber-gift that keeps on giving, especially if you’re a criminal. Word of the Apple iCloud hack that revealed the private photos of at least 100 celebrities has now spread to every news outlet on the globe—and enterprising cyber-criminals have seen a follow-on social-engineering opportunity.
Trend Micro found that one scam using the leak as a lure is making the rounds via Twitter. It comes “in the form of a tweet being posted with hashtags that contain the name of one of the leak’s victims - Jennifer Lawrence,” researchers noted in a blog. “The tweet spots a shortened link that, if clicked, leads the user to a website offering a video of the actress in question.”
The problem is that if the user goes on to engage the playback, they are instead redirected to a download page for a ‘video converter,’ which of course does nothing at all.
A Facebook variation of the bait-and-switch maneuver asks users to share the malicious site to their friends before they are given the ability to ‘play’ the offered video.
“This would result in the user’s wall being spammed with the link, as well as the download of another variant of [the ‘video converter’],” the firm said.
Also, Trend Micro found “several malicious files floating around the internet that have been relabeled as zipped archives and/or video files of the leaked pictures in question,” it said. “Again, we believe these files as part of a cyber-criminal scheme to target those looking for the pictures themselves.”
The malware mainly have backdoor routines that may compromise the safety of the affected system. In one case, it’s a dropper that could spread other malware and cause the affected system to exhibit malicious routines.
So far, the majority of the users affected by these gambits are from the United States (70%).
“With this incident in mind, it’s a good time to remind users that all popular news events – the iCloud leak being a prime example of it – will always have cyber-criminals taking advantage of it in one way or another,” Trend Micro noted. “ If it’s something that you’ll use a search engine for, there’s a good chance that they’ve already created threats for it that will jump on you the moment you go looking. And do note that the threats we’ve talked about above are not the only ones lying around in wait.”
Users should get online news from trusted websites, and refrain from looking for/and downloading illegal material (such as leaked private photos or cracked software).