Hacked Snapchat accounts use native chat feature to spread diet pill spam

06 Oct 14

In May, Snapchat released an update that put the “chat” into the app by allowing users to send messages. Symantec previously warned that criminals would inevitably leverage this feature in future spam campaigns and since that time, a number of Snapchat users have reported receiving chat messages and photos from their friends promoting diet pill spam.

Symantec has now released an overview of the current situation and advice for users on how they can secure their Snapchat account.

This is not the first campaign of this type we have seen. In February 2014, a number of Snapchat accounts were compromised and used to send images of fruit drinks, promoting websites called FrootSnap and SnapFroot.

The fruit-themed spam messages required users to manually visit the websites, and this extra step presented a challenge. These websites redirected to a site designed to look like Groupon.com, promoting a miracle diet solution called Garcinia Cambogia.
The latest round of Snapchat spam has seen spammers leveraging the native chat functionality instead.

The compromised Snapchat accounts send out a photo message of a box of Garcinia Cambogia, which is followed by a chat message that includes a suspicious link containing ‘groupon.com’ in the URL.

A link from someone that isn’t your Snapchat friend is not clickable. However, by compromising Snapchat accounts, spammers are able to insert clickable links into their messages based on who the compromised account is friends with.

Snapchat issued a statement saying that the accounts promoting these miracle diets were compromised. Snapchat said that credentials, obtained through a breach of another website, were reused on Snapchat accounts. Snapchat claims that the reason these accounts were compromised was because certain users reused the same password on multiple websites.

Secure your Snapchat account
There is no denying that password reuse is problematic and users should never use the same password for multiple sites; however, passwords by themselves are not enough. Some social networks have introduced two-step verification to help prevent unauthorised login attempts. Until Snapchat implements this feature, userscan change their Snapchat passwords to something stronger and, most importantly, something unique.


To access this blog post, please follow this link: http://www.symantec.com/connect/blogs/hacked-snapchat-accounts-use-native-chat-feature-spread-diet-pill-spam


Share on: LinkedIn Twitter Facebook