Attackers are now taking over real accounts for good

Aug 11, 2016 01:40 GMT

The trend of Instagram profiles promoting adult content has taken a turn for the worse, with hackers actively compromising already existing accounts instead of creating new profiles from scratch.

Like other popular social networks such as Facebook and Twitter, Instagram is plagued by bots promoting adult material.

This trend became a serious problem at the start of 2016, when Symantec noticed an increase in the number of fake profiles promoting pornographic content.

From creating new accounts to taking over existing profiles

Because crooks have dumped the personal details of over 800 million users since January via data breaches from services such as LinkedIn, MySpace, Tumblr, VK, and Yahoo, the people behind this Instagram pr0n spam have adapted their tactics.

Leveraging some people's tendency to reuse passwords, crooks took the data from those publicly disclosed breaches and used it to test and hack into existing Instagram accounts.

Where they got access, the hackers changed the user's name, bio, avatar, and profile link, while also uploading sexually explicit images.

In most cases, Symantec says the profile link and the links added with the hacker's uploaded nude images redirect to online dating sites where users are asked to fill in surveys and register. All of these links contained affiliate IDs, which help the crooks earn money on the back of users following these URLs.

Mysteriously, in some cases, the adult links only work on mobile devices

In some cases, Symantec says that these links showed adult content only when accessed via a mobile device. When accessed via a desktop or laptop, they would redirect users to some random Facebook profile.

Symantec says that, for all of the hacked accounts, the attackers changed the original account password, resulting in some users losing access to their account, giving up their profile, and creating a new one, leaving the original under the hacker's control.
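The takeover pattern described above (a login, then a burst of profile edits and a password change) is something a defender can look for in account audit logs. The following is an added example, not code from Symantec or Instagram; the event schema, action names, sample events, and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events (hypothetical schema): (timestamp, account, action)
EVENTS = [
    ("2016-08-01T10:00:00", "alice", "login_new_device"),
    ("2016-08-01T10:02:00", "alice", "change_name"),
    ("2016-08-01T10:02:30", "alice", "change_bio"),
    ("2016-08-01T10:03:00", "alice", "change_avatar"),
    ("2016-08-01T10:03:10", "alice", "change_profile_link"),
    ("2016-08-01T10:04:00", "alice", "change_password"),
    ("2016-08-02T09:00:00", "bob", "login_new_device"),
    ("2016-08-02T09:05:00", "bob", "change_avatar"),
    ("2016-08-03T12:00:00", "carol", "change_password"),
    ("2016-08-03T12:01:00", "carol", "change_bio"),
]

# The four profile attributes the article says the hijackers rewrite.
PROFILE_FIELDS = {"change_name", "change_bio", "change_avatar", "change_profile_link"}


def flag_takeovers(events, window=timedelta(minutes=30), min_fields=3):
    """Return accounts where, within `window` of a new-device login, the
    password and at least `min_fields` distinct profile fields changed."""
    by_account = defaultdict(list)
    for ts, account, action in events:
        by_account[account].append((datetime.fromisoformat(ts), action))

    flagged = []
    for account, rows in sorted(by_account.items()):
        rows.sort()
        for start, action in rows:
            if action != "login_new_device":
                continue
            # Distinct actions seen between the login and the end of the window.
            in_window = {a for t, a in rows if start <= t <= start + window}
            fields_changed = len(in_window & PROFILE_FIELDS)
            if "change_password" in in_window and fields_changed >= min_fields:
                flagged.append(account)
                break
    return flagged


if __name__ == "__main__":
    print(flag_takeovers(EVENTS))
```

A flagged account is a candidate for a forced password reset and session revocation rather than proof of compromise, since a legitimate user can also refresh a profile from a new phone.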

At the start of the year, Instagram announced support for two-factor authentication, a feature that's still in testing and that could thwart most of these account hijacking incidents.

Besides Instagram, Symantec detected a similar wave of hacked Twitter accounts, spammed with adult content, also leading users to affiliate adult-themed websites.

The type of sites to which the spammy links redirect users