The app will hijack the user’s Twitter page to post tweets claiming to link to more stolen celebrity images.
The app will hijack the user’s Twitter page to post tweets claiming to link to more stolen celebrity images.

Spammers looking to take advantage of leaked celebrity photos have turned their sights on exploiting the buzz surrounding what has been dubbed “Celebgate 2.0” while promising Amazon gift cards.

Malwarebytes researchers spotted the campaign which begins with multiple links purporting to lead to stolen images of WWE wrestler "Paige" that eventually lead to an offered Twitter App install tied to a site called Viralnews(dot)com, according to a March 20 blog post.

The application requests permission to read tweets from the user's timeline, see who they follow, follow new people, update profile and post tweets for you, but explicitly says it will not access direct messages, see email addresses, or see Twitter passwords.

Once downloaded it will lead users to through multiple click throughs on their way to the images, while the app will use the victim's Twitter page to post tweets claiming to link to more stolen celebrity images and thus continue the cycle.

Upon following the various prompts, users are also offered a chance to win an Amazon gift card if they leave their email in a blank box on one of the pages on the way to downloading the stolen images.

There is also a prompt to enter more personal information on a separate page purporting to be an Amazon survey offering more gift cards.

Researchers spotted the campaign while performing research to see if scammers were looking to capitalize on the recent spate of celebrity nude leaks including Emma Watson, Kate Moss, and others Malwarebytes Malware Intelligence Analyst Chris Boyd told SC Media.

“There is no malicious payload in terms of Malware, but at a minimum a Twitter user installing the app will be sending compromising images of celebrities to their followers,” Boyd said. “They'll also be handing over various amounts of PII to third party marketers via the surveys.”

Boyd recommended that anyone who has installed the app go to their application settings in Twitter and revoke access as soon as possible to prevent the app from posting more spam to their pages.