Fake X content warnings on Ukraine war, earthquakes used as clickbait


X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites.

For months, X has been flooded with posts that contain what appears at first glance to be a pornographic video but, when clicked on, brings you to fake adult sites.

As tracked by X users “Slava Bonkus” and “Cyber TM,” the scammers have now also started creating posts pretending to contain sensational information about the Ukrainian forces invading Kursk or warnings about an earthquake in Nankai Trough, Japan.

“Emergency information on the Nankai Trough mega-earthquake: What should we be careful of from now on? It’s all summarized in this article. Please read it carefully and plan your schedule,” reads the fake tweet about Nankai Trough earthquake warnings.

However, instead of showing fake videos, they display fake X content warnings that must be clicked to view the content.

Sensational posts showing fake content warnings
Sensational posts showing fake content warnings
Source: BleepingComputer

These content warnings are actually images that, when clicked, connect to a URL at the app.link domain, which then redirects users through a series of sites until they ultimately land on a scam site. These scam sites are usually adult sites, but they could also be for malicious content, such as tech support scams, malicious browser extensions, or affiliate scams.

X displays these fake content warning images because when the post is first created, the social media site will read the content at the posted URL. If the app.link site detects that the connection is from Twitter, likely through its user agent, it will not redirect to the other sites.

Instead, it will display an HTML page that utilizes Twitter cards HTML metadata to tell X how the post should be displayed, including the image, description, and other content.

This trick has been used for years, with BleepingComputer first reporting about it in 2019 and the technique recently used for cryptocurrency scams.



Source link