Despite X’s long-standing bot issue, con artists are now taking advantage of the conflict in Ukraine and the alerts regarding the earthquake in Japan to fool users into clicking on videos and false content warnings that lead to dangerous browser extensions.
Although X has always had a bot problem, scammers are now using the war in Ukraine and the warnings about the earthquake in Japan to trick users into clicking on videos and phony content alerts that take them to harmful browser extensions, dodgy affiliate sites, and adult websites.
For months, posts on X have been overrun with content that, upon first inspection, seems to be a sexual video, but clicking on it takes you to phony adult websites.
According to X users “Slava Bonkus” and “Cyber TM,” the con artists have also begun posting postings purporting to offer alarming details regarding the incursion of Ukrainian military into Kursk or alerts about an earthquake in Nankai Trough, Japan.
“Emergency updates on the massive earthquake that occurred in the Nankai Trough: What should we watch out for going forward? All of it is condensed in this article. The false tweet regarding the earthquake warnings near Nankai Trough reads, “Please read it carefully and plan your schedule.”
But rather than displaying phony videos, they present phony X content warnings that need to be clicked in order to access the material.
The pictures that serve as these content warnings really link to a URL at the app.link domain when visited, rerouting customers through a sequence of websites until they eventually arrive at a fraud website. Though they may also be for dangerous material, such as tech support scams, malware browser extensions, or affiliate scams, these scam sites are typically adult sites.
Because the social media platform will scan the information at the supplied URL when the post is first generated, X shows these warning pictures about false content. The app.link website won’t reroute to the other websites if it determines, most likely through its user agent, that the connection is from Twitter.
Instead, it will show an HTML page that instructs X on how to display the post’s image, description, and other material by using Twitter card HTML metadata.
This tactic has been around for a while; BleepingComputer initially reported on it in 2019, and bitcoin fraudsters have lately employed it.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
