Security News

Scammers sell fake likes, views on Reels

Avast Security News Team, 14 August 2020

Just one week after the launch of Reels, Instagram’s new short-form video platform, scammers are already profiting by selling likes and views for Reels posts by the thousands.

Capitalizing on the new Instagram short-form video platform Reels, which launched on August 5th, scammers immediately began profiting from the sale of phony views and likes. According to a Business Insider report, one seller made enough in five days to buy “a good car and decent home.” The scammers used botnets to register all the fraudulent likes and views, which sold by the thousands. Prices ran around $5 per thousand views and $15 per thousand likes.

Reels is Instagram’s answer to the wildly popular TikTok, allowing users to post short-form, creatively-filtered video content. Speaking anonymously to Business Insider, one scammer commented that Reels has no security in place against bot-driven likes and views. A spokesman from Instagram parent company Facebook rebuked the statement, insisting it continues to crack down on inauthentic behavior, aiming to deliver “the best possible experience across our platforms.” 

Avast Security Evangelist Luis Corrons believes Facebook will soon be on top of the matter. “Even though Reels is a new platform,” he said, “it is a bit surprising that they have been caught wrong-footed, given Facebook’s experience in dealing with cybercriminals. In any case, I am sure that Facebook will deliver all its expertise in this matter, even while cybercriminals continue to try to exploit any weakness in the new platform.”

Verily sets up in-house COVID-19 testing lab

The Google sibling company Verily, which focuses on life sciences, has set up a COVID-19 testing lab within its San Francisco headquarters. On the company blog, Verily’s head of Pathology, Dr. Deb Hanks, commented, “We’ve established this lab to provide a focused specialty service with rapid turnaround time. We are launching with the capacity to run several thousand tests per day, primarily focused on our Healthy at Work customers.” As testing demand currently outpaces national lab capacity, causing patients to wait at least a week to receive test results back, Verily has established its CLIA-certified lab with the intent to facilitate faster result reporting.  

TikTok breaks Google rules, tracks users

The Wall Street Journal published an exclusive where it disclosed that TikTok deliberately hid the fact that it was tracking Android users for a period of 15 months, stopping last November when security concerns over the app began to surface. The WSJ maintains that the tracking must have been used for targeted advertising. The illicit action not only circumvents Google’s policy to allow users to reset IDs for ad tracking, but it directly breaks TikTok’s own privacy policy. This newest revelation will no doubt affect the future of the controversial China-based company, which is currently being considered for purchase by Microsoft.

Stalkerware apps slip through Google’s ban

Last month, Google announced a ban on stalkerware apps being sold in the Play Store beginning August 11th, but TechCrunch reported that several stalkerware apps are still available, having slipped through Google’s filter. “Stalkerware” is the nickname given to any apps that allow physical or digital tracking of another person without their permission. They are often pitched as parental tools, but many have been repurposed by suspicious spouses and abusive partners. Even after Google’s ban took effect, TechCrunch found stalkerware made by FlexiSpy, mSpy, WebWatcher, and KidsGuard, among others, still advertised in the Play Store. Critics find Google’s qualifications of what constitutes stalkerware to be lax and incomplete. 

Internet stays strong during increased usage

In a special feature published this week, ZDNet reported that since pandemic lockdown orders began taking effect in March, internet use has greatly increased, rising 30% in upstream traffic and 20% in downstream traffic. Nevertheless, researchers found that “despite this flood of traffic, Internet Service Providers (ISP)s, Content Delivery Networks (CDN)s, and public clouds have kept the bits moving smoothly on the internet superhighway.” They also discovered that cloud provider networks are more stable than ISPs, though cloud outages are more likely to directly impact users. 

This week’s ‘must-read’ on The Avast Blog

Curious about the latest findings on security related to this year's election? We wrote about the security tools being deployed in 2020, as well as cases of election interference around the world.