On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.
Traditionally, spammers and scammers abused the reply functionality built into the service, but over the years they have searched for different ways to gain visibility among Twitter users. The most recent tactic is called list spam.
A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.
Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
Figure 1. Twitter spam account for Breaking Bad
This weekend, the penultimate episode of Breaking Bad, “Granite State,” will air. The show has received a lot of buzz and fans, like myself, have eagerly counted the days until Sunday. Spammers are riding the coattails of the show’s popularity in an attempt to trick users into downloading a leaked copy of the next episode.
Figure 2. Twitter lists used in Breaking Bad spam
Twitter list spam starts when you are added to a list along with thousands of other users. Usually, this type of spam requires you to visit the list creator’s page to see the spam link. In this case, however, the link is presented in the list description.
Figure 3. Pastebin contains links to file hosting services
The URL leads to Pastebin, which contains links to different file hosting services for downloading the episode.
Figure 4. File hosting services hosting an episode of Breaking Bad
The file hosting services contain a 280MB file for the user to download. Additionally, users can opt to download a torrent file to use peer-to-peer downloading to obtain the episode.
Figure 5. File contained within the archive
The downloaded Zip archive contains two files: a text file named “How To Open – READ FIRST.txt” and a large file (nearly 300MB).
Figure 6. Readme text file contains a shortened URL
In order to open the large file, users are instructed to download the latest version of 7-Zip. The link directs users through an affiliate program, which is how scammers make money. The affiliate program directs users to an installer that comes bundled with other applications. Users can choose not to install these applications.
Figure 7. Breaking Bad season 5, episode 12
Ultimately, installing this software is unnecessary, as the video file can be opened in any media player. Unsurprisingly, the downloaded episode is from earlier this season.
Figure 8. Reporting spam account to Twitter
Twitter list spam is a new trend, one that is gaining quite a bit of traction. If you find yourself added to a Twitter list, you can remove yourself from the list by reporting the user that added you.