HQ/EMEAFind out how we can help your business
A new malicious operation uses fake X content to scam users and redirect them to malicious websites. According to reports, these scammers are taking advantage of Japan’s Ukraine-Russia war and earthquake warnings to deceive targets into clicking on phoney alerts and videos that redirect them to scam adult pages, hostile browser extensions, and sketchy affiliate sites.
X, formerly known as Twitter, has been inundated with posts that look to be malicious videos but, when clicked on, direct users to fraudulent adult websites. Researchers revealed that scammers have started making posts claiming to offer dramatic information about warnings about an earthquake in Japan’s Nankai Trough or Ukrainian forces attacking Kursk.
One sample of the Japan alert displays emergency information about the Nankai Trough mega-earthquake and what users should be aware of. The fake warning also explains that everything is summarised in the article within the page.
The scammers also included a statement that prompted users to read it carefully and organise their itinerary according to the false tweet regarding Nankai Trough earthquake warnings.
The scammers use a false sense of urgency so that users will click the fake X content.
Instead of providing false videos, the scammers display fake X content warnings that users must click to access the material.
These content warnings are graphics that, when clicked, connect to a URL at the app.link domain, redirecting users via several sites until they arrive at a malicious website. These scam sites mostly have explicit content and are adult-oriented, but they may also contain dangerous information, such as tech support scams, malware browser extensions, or affiliate scams.
X shows these phoney content warning graphics because when a post is first created, the social media site reads the content at the posted URL. If the app.link site identifies a link from Twitter, most likely via its user agent, it will not redirect to other sites.
Instead, it will show an HTML page that uses Twitter cards’ HTML metadata to instruct X how the post, including the image, description, and other elements, should be displayed. Scammers have used this technique for years and have recently reemerged after being employed in cryptocurrency scams.
Therefore, social media users, especially on X, should be cautious when accessing strange websites to avoid scams that want to steal data or assets.
