The Inquirer-Home

Snapchat users hit by a fruity attack

Updated Lots of images of smoothies are being sent from compromised user accounts
Wed Feb 12 2014, 17:08
snapchat logo

SOCIAL PHOTOBOOTH Snapchat has been hit with an attack that has resulted in users unintentionally sending images of fruit smoothies to all of their friends.

This doesn't sound like the most terrifying threat out there, but the image of an admittedly refreshing looking fruit drink is being sent from hacked user accounts with the text, "Go to Snapfroot.com", a URL that directs people to Allrecipes.com. There's no evidence yet as to whether there is anything malicious going on during these redirects.

Though it appears relatively harmless, the attack has appeared after Snapchat admitted having been compromised last year, which saw account details belonging to more than four million Snapchat users posted online.

We have contacted Snapchat, which has acknowledged the attack, and it said, "A small number of our users experienced a spam incident [on Tuesday] where unwanted photos were sent from their accounts.

"Our security team deployed additional measures to secure accounts."

Snapchat recommended using unique and strong passwords to prevent abuse. An obvious way to fix this is to change your passwords frequently, and if you have received a fruity snapchat from one of your friends, tell them to change their passwords as soon as possible.

Trend Micro VP of Security Research Rik Ferguson told The INQUIRER that while the attack might seem little more than an annoyance at worst, there are a couple of serious conclusions that can be drawn from it.

"The first is that people are still being far to free with their credentials, either sharing them across multiple services or paying very little attention to which third party services they authorise to access social media accounts on their behalf, I would venture also that far too few people actively go and clean up services which are authorised but which are no longer required or used," he said.

"Secondly, as a proof of concept for malicious exploitation, this attack proves only too well that the halo of trust created by exchanges between friends on social networks is still a strong motivator to click links or follow potentially malicious misdirections."

Ferguson warned users that just because they have received a message, a photo or a link from a friend, that doesn't mean that they should immediately click on it.

"If the 'Snapfroot' link had led to an exploit kit rather than a smoothie recipe, I'm sure the attack would have been equally successful but far worse than a mere annoyance," he added.

Snapchat has been rather popular with spammers lately. The app was hit by a similar spam campaign last month, but instead of juicy fruit drinks, juicy images of another variety were sent from users' accounts to their friends.

These spam messages, which involved images of scantily clad females draped in a robe, a towel or much less, also included some text asking users to "Add my Kik" along with a specially crafted user name on the Kik instant messaging app.

A similar fruit-themed attack occurred over the summer at Instagram, with people posting spammy images of smoothies. It could be worse, we guess. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?