A SPAM CAMPAIGN circulating on social photobooth app Snapchat that lures users with sexually suggestive photos and compromised URLs has been discovered by Symantec.
The spam messages, which usually involve an image of a scantily clad female draped in a robe, a towel or much less, also include some text asking users to "Add my Kik" along with a specially crafted user name on the Kik instant messaging app.
"After engaging these spam bots on Kik Messenger, this spam campaign is using a type of spam chat bot-script we discovered on Tinder last summer," Symantec security researcher Satnam Narang said in a blog post.
"An interesting discovery from this campaign is the use of compromised custom URLs belonging to small websites and popular brands. Spammers have found a way to create their own links using branded short domains in order to entice users into a false sense of security."
Symantec identified some of the compromised branded domains as usat.ly (USA Today), cbsloc.al (CBS Local), on.natgeo.com (National Geographic), nyp.st (New York Post), on.mktw.net (Marketwatch), mirr.im (Daily Mirror), red.ht (Red Hat), invstplc.com (Investorplace) and mitne.ws (MIT News).
Hidden behind these branded customised URLs are affiliate marketing links inviting users to visit adult webcam websites.
Narang said that Symantec has been working with Bitly to investigate and shut down any spammer use of branded short URLs.
"Bitly has confirmed that some spammers obtained Bitly API keys belonging to various brands. Some of the brands affected used the Addthis social bookmarking service who recently stopped requiring users to reveal their API key in plain text as part of the Addthis website embed code," Narang added. "Public exposure of API keys gives anybody the ability to compromise accounts and, in this case, create short URLs using other people's domains."
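Site owners can check their own pages for the kind of exposure Bitly describes, a URL shortener API key sitting in plain text inside sharing-widget embed code. The Python sketch below is an added example, not code from Symantec, Bitly or Addthis. The key pattern ("R_" followed by 32 hex characters), the `login` and `apiKey` field names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed key shape ("R_" + 32 hex chars); adjust to the format your provider issues.
KEY_RE = re.compile(r"\bR_[0-9a-fA-F]{32}\b")
# Assumed credential field names inside a sharing-widget config object.
FIELD_RE = re.compile(r"""(login|apiKey)\s*:\s*['"]([^'"]+)['"]""")

class InlineScripts(HTMLParser):
    """Collect the body of every <script> element (empty for src= scripts)."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def redact(secret):
    # Keep a short prefix so the finding can be matched to a key without re-leaking it.
    return secret[:4] + "*" * (len(secret) - 4)

def audit_page(html):
    """Return redacted findings for keys published in a page's inline scripts."""
    parser = InlineScripts()
    parser.feed(html)
    findings = []
    for idx, body in enumerate(parser.scripts):
        fields = dict(FIELD_RE.findall(body))
        for key in KEY_RE.findall(body):
            findings.append({"script": idx, "login": fields.get("login"), "key": redact(key)})
    return findings

# Constructed sample page: one external script, one leaking config, one clean config.
SAMPLE_PAGE = """<html><head>
<script src="https://widgets.example/share.js"></script>
<script>
var share_config = { shorteners: { bitly: { login: 'examplebrand', apiKey: 'R_0123456789abcdef0123456789abcdef' } } };
</script>
</head><body><script>var share_config = { shorteners: {} };</script></body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE):
        print(finding)
```

Any key the audit reports should be treated as already public: rotate it with the provider rather than only removing it from the page.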
To prevent spam from appearing in your Snapchat feed, Symantec recommended that users change their Snapchat privacy settings to receive snaps from "My Friends" only and use caution when receiving unsolicited messages or friend requests.
The discovery of the spam campaign comes just a week after Snapchat apologised to its users for the hacking attack on it and them last week.
A week after acknowledging its vulnerability and being fairly dismissive of it, the firm issued an apology and delivered a new version of its app to prevent further exploits.
The hacking attack on four million Snapchat users was revealed at the end of 2013 on a website called SnapchatDB that has since been closed down. Snapchat had initially reacted to the attack and its users' reactions to it by saying that it wasn't a big deal.