Symantec has discovered a new spam campaign using sexually suggestive photos and compromised custom URLs that's circulating on the photo messaging app.
Each of these spam messages includes a request to "Add my kik", along with a specially crafted user name on the Kik instant messaging application for mobile devices. After the Symantec Security team engaged with these spam bots on Kik Messenger, it was identified that this spam campaign is using a type of spam chat bot-script that the team had detected on Tinder previously.
An interesting discovery from this campaign is the use of compromised custom URLs belonging to small websites and popular brands. Spammers have found a way to create their own links using branded short domains in order to entice users into a false sense of security.
Behind these branded customized URLs are affiliate marketing links directing users to sign up for adult webcam sites. Symantec has been working closely with Bitly to investigate and shut down any spammer use of branded short URLs. Bitly has confirmed that some spammers obtained Bitly API keys belonging to various brands. Some of the brands affected used the AddThis social bookmarking service who recently stopped requiring users to reveal their API key in plain text as part of the AddThis website embed code.
Symantec warns that scammers and spammers will always target new and popular apps like Snapshot as soon as they gain a large enough use base. Symantec advises users to change their Snapchat privacy settings to receive snaps from "My Friends" only to prevent spam snaps from appearing in their Snapchat feed, and use caution when receiving unsolicited messages or friend requests.