14 DAY TRIAL // Researchers have come across an interesting commercially available tool that can be used by cybercriminals to automatically register Tumblr accounts.
Dancho Danchev explains on Webroot’s blog that the tool supports proxies and it can be used to integrate a major CAPTCHA-solving service. The standard features only include mechanisms to follow and unfollow users, but the premium features can be used to create accounts and upload avatars.
Cybercriminals can use Tumblr accounts in various ways. They can either sell them to others, or they can use them for their own malicious campaigns.
For instance, a phishing campaign detailed recently by ISC uses such Tumblr pages to redirect victims to a fake Facebook login page, and ultimately to a malware-serving website.
Check out the screenshot to see what the tool looks like. For additional technical details, go to Webroot’s blog.