SMS spammers hide adult site URLs in YouTube videos: Report

SMS spammers are attempting to avoid URL filters by hiding links in YouTube videos. Symantec discovered this trend in a recent SMS spam campaign, which disguised the sender as a woman looking to date the message’s recipient. The message directed the user to a YouTube video, which asked them to “get verified” by visiting a link included in the video. However, this link instead led the user to an adult website. If the user signed up to the site, then their credit card would be charged with membership fees.

Challenges for SMS spammers 
Most spammers make their money through scams, phishing campaigns, or affiliate programs. In affiliate programs, the affiliate can earn revenue by directing users to join another business’ website. Spammers do this by sharing links through different channels, such as SMS messages and emails, and tricking people into registering to the website.

Over the last few years, we have seen SMS spammers looking for new ways to bypass URL filters. However, the SMS message-size limitation doesn’t give much room for spammers to create complex or creative obfuscations. Along with this, if the phone doesn’t recognize the URL in the message, it does not make the link directly clickable, potentially reducing the number of visitors to the site.

For this reason, SMS spammers have relied on shortened links, free hosting services, and newly registered domains in order to hide and deliver their attacks. But SMS spam filter technology has evolved accordingly and can successfully block these threats.

Hiding spam links in YouTube videos
Over the last week, we have discovered SMS spammers’ new trick to hide adult spam links in text messages and make them look like legit SMS traffic.

Instead of including a typical affiliate link in the messages, the attackers added the link to a YouTube video along with the following message:

“Hey there [CLASSIFIEDS WEBSITE] Im assuming ? Im Alexis.. heres a video
[YOUTUBE VIDEO LINK] to show I'm the same girl in the pic on there”

If the user visits the link, they will be directed to a YouTube video of a woman asking the viewer to “get verified” before she agrees to meet them.

If the user visits the link included in the video to “get verified,” they will instead be directed to an adult website’s registration page. The site asks for the user’s credit card number and charges their card if they go through with the registration process.

Our research leads us to believe that the spammers targeted users of a classifieds website by creating fake dating ads. Through these ads, the spammers continuously mined phone numbers and email addresses for their future campaigns. Other adult-themed scammers have used this strategy before to obtain targets.

Don’t be fooled by SMS spam
While this technique has been used before in emails, it is novel in the SMS field. With the rise in popularity of mobile dating apps, we believe that more spammers may target mobile platforms with these types of campaigns.

Comments