The Latest in IT Security

“Upgrade your Tumblr Dashboard” Leads to Chrome Extension

30
May
2012

Yesterday I saw a number of comments being posted to the Ask box of various Tumblr users – here’s one:

“hey whats up? saw your blog and really liked it! what do you think of mine? :)

The recipient of the comment is expected to visit the Tumblr of the commenter, at which point they’re redirected to a phishing page:

Click to Enlarge

“Whoops, something went wrong” claims the page. “Please re-login to your Tumblr account and try again”.

Today, things have changed. The above URL now displays different content to a Tumblr user, and another blog link being dropped into Ask boxes does much the same. Instead of phish pages, Tumblr fans are now taken to one of two pages that prompt a Chrome extension install. This is what the above URL now looks like:

Click to Enlarge

“Please follow the instructions, press continue at the bottom of your Chrome browser and then click add”

Next up, an example of the new spam doing the rounds. As before, users are prompted to check out a Tumblr:

Click to Enlarge

This time, end-users are shown a message claiming that there’s an error loading the blog and that they’re being redirected.

Click to Enlarge

End-users will see the following page:

Click to Enlarge

“Tumblr failed to load this blog! Tumblr has detected you are not running the correct Tumblr dashboard version. Please press upgrade below and follow the instructions.”

The page contains a hidden iFrame complete with bit.ly link, which redirects to ztumblrunlock(dot)com – despite this, the site is currently offline.

Regardless of which of the two “install this extension” pages you end up with, using IE or Firefox will direct you to the genuine Tumblr login screen. However, hitting the “Upgrade Dashboard” button (or pressing “Continue” at the bottom of your browser as per the first example) while using Chrome will begin a Chrome extension install. The “Upgrade Dashboard” page is particularly insistent, darkening the screen while flashing white blinking text:

Click to Enlarge

“Click continue and then click the install button in the popup window above, then revisit Tumblr!”

This is interesting, given that only yesterday the same website was playing host to a fake login screen. Now that’s been abandoned, and end-users are being told to go “revisit Tumblr”. The extension runs a script that makes use of a legitimate website visitor count plugin, however a probable combination of missing additional elements, code and the fact that this is likely just a trial run (“chrome_plugin_test.crx”) means that not an awful lot is happening right now.

All the same, given what we’ve seen so far it’s likely that this isn’t something you’d want to download in a finished form. What we can say for the time being is that you definitely don’t need to “upgrade your Tumblr dashboard”, because there’s nothing to upgrade – the Tumblr staff make changes themselves without user interaction, and any website claiming you need to install something to do this should be viewed with a healthy dose of scepticism.

Browser extensions seem to be a hot property right now but for all the wrong reasons and Tumblr users (along with everyone else) should be mindful of this when being asked to upgrade, fix, unblock or generally perform a task that probably doesn’t require an install of software in the first place.

Christopher Boyd (thanks to Jovi and Mark for additional information)

Leave a reply


Categories

WEDNESDAY, SEPTEMBER 22, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments