Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

Spamchat: Snapchat Users Subjected to Porn and Secret Admirer Spam

Created: 03 Dec 2013 16:49:11 GMT • Updated: 23 Jan 2014 18:02:37 GMT • Translations available: 日本語
Satnam Narang's picture
+2 2 Votes
Login to vote
Over the past week, users of the photo messaging application Snapchat have seen an increase in the number of spam snaps (Snapchat pictures). The service is now being infiltrated by a myriad of fake accounts sending spam snaps of topless women.
 
figure1_4.png
Figure 1. Spam accounts on Snapchat
 
Snapchat users are currently receiving requests from accounts named similarly, using the following format: “[GIRL'S NAME]snap_####”. Each request features a pending snap from these spam accounts. Despite the app offering privacy settings to only allow snaps from friends, users can still receive add requests from unknown users. Some Snapchat users we spoke to have noticed an increase in these requests over the last week.
 
figure2_1.png
Figure 2. An example of a spam snap with a topless woman
 
If a user accepts one of these requests, they will receive a spam snap of a nude woman. While the photo may vary, each snap includes the caption, “Add me on KIK for nudes swap ;)” along with a username on Kik Messenger, an instant messaging application for mobile devices.
 
Moving to Kik Messenger gives spammers the opportunity to leverage porn bots, fake accounts that engage with users by using a predefined script that promises more nude photos.
 
The porn bot offers more nude photos, but only if the user clicks on a link to install a mobile application first. To make sure the user installs the application, the bot requires proof and requests a screenshot from the app before sending more nude photos.
 
figure3_1.png
Figure 3. An example of a porn bot on Kik Messenger
 
If a user clicks on the link, a series of redirects occurs through affiliate programs, leading to games hosted on Apple’s iOS app store or the Google Play store. We have found that reviews of one of the applications mention the spam from Snapchat.
 
figure4_0.png
Figure 4. App store review highlighting Snapchat spam
 
The way these spammers make money is through affiliate programs that pay for each successful installation. This is why porn bots ask for proof of installation in the chat script. From our research, there were at least 30,000 clicks through multiple short URLs, though this number may be higher when considering that there could be multiple campaigns with different short URLs in operation.
 
As we’ve highlighted in previous examples, once a service becomes popular, the spammers are never far behind. With 350 million messages sent on Snapchat on a daily basis, it is no surprise that spammers have honed in on the service.
 
Other than porn spam, Snapchat users are also being targeted by a new campaign that uses a “secret admirer” lure in order to direct them to a website called SnapCrush. This website harvests usernames and directs users through a similar chain of affiliate programs with the same intention: to convince users to install a mobile application.
 
figure5.png
Figure 5. A new spam campaign on Snapchat
 
Currently, there is no way for Snapchat users to report these accounts as spam within the application itself. For now, users can report spam accounts to the service through the Report Spam section of the Snapchat support site.