This is not the story of a good cop gone bad, but one of a somehow harmless (though spammy, if you ask me) entertainment app gone wild on the tagging front.
Remember the Tagjacking craze? How can anyone forget it? I bet some of you still see some signs of it around your friends’ accounts. Well, it seems this scam mechanism’s creators have taken a crash course in marketing and I can bet (what shall I bet on? Let’s say my pet fish’s tail.) that their favorite lesson was “Finding a Good Market Niche”. Let’s just see if the time (who knows, even money???) they spent on getting a better education and (possibly) a better chance at retiring on a paradisiacal island before they’re 40 paid off.
Last time, these guys went about it the easy way: get voyeurs hot over some almost naked chick. This time, they’re less conspicuous and aim at the wider and less demanding “fun loving” user base.
The theme? Tell me your name and I’ll tell you who you are. It’s like soooooooo much fun (you know me, I believe everything these apps say) so why not try it?
Should I worry that it needs to access my photos and videos? Neeaaaaaaaah, not today. Girls just wanna have fun, right?
Type in my name (ok, it’s not mine, but it’s a name). And here comes the surprise:
I get your “name reading” alright (quite soothing for some over inflated egos, I would say), but what’s my list of friends doing there, all of them nicely tagged?
Oh, but wait! How can such a thing of beauty be sent all alone out into the world? We’ve got variant 2 of the same scam and this one’s wearing a little black ….background.
Annoying? NOOOOOOOOOOOOOOO, that’s not possible. It’s so much fun, remember? Now your friends have a really good reason to call you up or send you some kind of message to tell you “stop the tagging, man!” (let’s not forget that all of their walls will proudly be wearing messages announcing the reckless tagging).
Want me to tell you how big the mess can get? Here’s a quick reminder of the water ripple effect launched by the older Tagjacking variant:
FRIEND A (clicked the link) -> FRIEND B* (gets a post on the wall about being tagged, may or may not click the link) -> FRIEND C* (sees the post about B being tagged and has access to the bad link even if B does not click it)
*B is A’s friend and C is B’s friend
Bottom line, there may be legitimate apps that do the same thing and stop at just that. But, but but, you never know what happens to your data once it gets in the cloud! To stay away from the kind of pests that get to the Crème de la Social Scam series, please read each app’s Permissions list carefully and just pay attention to what happens after you’ve started using the app.
This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.