A website which attempts to have Tumblr users install a suspicious application has recently returned.
While the application was taken offline in 2013, the site’s return has caused commotion in Tumblr land due to the large amounts of posts popping up which direct end-users to survey-style landing page offers. The application promised to let the page owner know who was viewing their blog and encouraged them to click on a bit.ly link that took them to the site.
“Whereas last time this site was on the radar the app (or “widget code”, as they called it) had already been pulled, this time around users will be invited to log into Tumblr and install an app on their profile,” Malwarebytes security research Christopher Boyd said.
If the application is installed, the app will make a post on the related blog and the person will end up on a survey page, where affiliate cash is generated for every survey filled in.
So far there have been 2,982 clicks on the bit.ly link; 1,951 from Tumblr and 1,006 from other sources, while 1,734 clicks were from the Tumblr dashboard from Tumblr users who have seen the posts appear in their timeline via users they follow.
“Profile viewer scams have been around for years – yes, they were around in the heyday of Myspace – and they’ve never gone away, migrating from one social network to the next. Always think twice when being asked to install apps you’re not familiar with, and most definitely think for a third time before signing up to anything promising to reveal who looks at your social network profile,” Boyd said.