- Guy who runs Trump Organization Twitter account caught hyping up own tweet Sunday 4:51 PM
- People found out how tall Olaf is–and now ‘Frozen’ is terrifying Sunday 3:41 PM
- Rapper Juice WRLD dead at 21 Sunday 3:02 PM
- Embody Andrew Yang, fight other presidential candidates in video game Sunday 2:33 PM
- Ariana Grande spoke with TikTok teen who looks exactly like her Sunday 1:00 PM
- Beyoncé accused of paying dancers ‘low rates’ Sunday 11:58 AM
- Timmy Thick blasted for saying the N-word in comeback video Sunday 9:11 AM
- Netflix’s ‘The Confession Killer’ is a devastating and well-built portrait of a con artist Sunday 8:00 AM
- Swipe This! I’m ashamed to tell anyone about my online shopping habit Sunday 6:00 AM
- UPS facing backlash for thanking police after employee killed in shootout Saturday 5:02 PM
- Sanders campaign fires staffer after anti-Semitic, homophobic tweets surface Saturday 3:13 PM
- Brother Nature was attacked, says everyone just watched with phones out Saturday 2:45 PM
- Ryan Reynolds’ gin company hires Peloton wife for ad Saturday 1:24 PM
- Ex-vegan YouTuber accused of fraud after following meat-only diet Saturday 1:11 PM
- The 15 best Disney+ hidden gems and deep cuts Saturday 12:23 PM
Bogus “Pinterest tool” is actually a password-thieving Trojan
How to avoid getting duped by the virus spreading around Pinterest.
A phishing scam disguised as an item on your pinboard has landed on Pinterest, and could be thieving the usernames and passwords of unsuspecting pinners.
The scheme comes in the form of a pin, which, when clicked, redirects the user to a third-party site that asks you to download a “Pinterest tool.” Instead, the user downloads a browser plugin that reads the user’s password info for various websites.
Janne Ahlberg, an Internet security expert who frequently tests websites on his blog, analyzed the code for the “Pinterest Tool” and found it to be malware—specifically, an iteration of a known Trojan virus. According to Ahlberg and the F-Secure website, an Internet security testing site, the Trojan is designed to intercept “possible user name and password from visited websites and [send] them to the attacker’s server.”
Once you’ve inadvertently installed the malware, it masquerades as a regular browser extension:
But thankfully, the trick to removing it is easy: just go to your browser tools or extensions, locate the “Pinterest Tool,” and uninstall it.
The file name for the malware is Trojan.PWS.ZAQ., but Ahlberg believes there are other similar bugs around the site. One alternate version of the bug that was discovered over a year ago orders you to “install the Pinterest Tool to view this recipe. To continue, install the tool and enjoy more features of our site.”
Ahlberg recently unearthed a massive diet spam campaign spread over Twitter and Pinterest and involving hundreds of hacked websites. He advises that Pinterest users proceed with caution when accessing Pinterest, and shows them how to safely search Pinterest to see if a particular domain is infected.
Yesterday Ahlberg noted that the suspicious pins are still on the Pinterest website. But users looking to identify the culprit pins based on their addresses, however, might be thwarted: it appears the malware contains a bit of code that attaches itself to whatever normal pin a user might want to put on their site, causing it to redirect to an infected site housing the fake “tool.”
As Jason Hamilton at 404 Tech Support elaborates, the only way a casual user could tell something is off is by double-checking the URL:
In the case of these malware pins, the links went to a variety of blogspot blogs with a food blog sounding subdomain like icanhasrecipe.blogspot.com…. The url looks like icanhasrecipe.blogspot.com/?r=13498asd987149087&u=http://tasteofhome.com. Nothing [so] conspicuous that a casual user would notice something wrong.
Alhberg has identified over 20 such sites.
He expressed surprise that Pinterest has apparently done nothing to halt the spread of the virus. But even more surprising is that the version of the malicious plug-in discovered in 2012 is still there along with the newer version.
Photo via Wikimedia Commons
Aja Romano is a geek culture reporter and fandom expert. Their reporting at the Daily Dot covered everything from Harry Potter and anime to Tumblr and Gamergate. Romano joined Vox as a staff reporter in 2016.