Friday, July 23, 2021

Elasticsearch Server Leaks Massive Instagram Click Farm

Must Read

Botnets have been Silently mass-scanning the Web for unsecured ENV Documents

Threat Actors are searching for API tokens, passwords, and database logins generally stored in ENV documents. Drawing little focus on...

Chrome and Microsoft Edge Malicious extensions hit 30 lakh Users

Threat Intelligence researchers from cybersecurity firm Avast have identified malware hidden in at least 28 third-party Google Chrome and...

iOS, Windows 10, Chrome, and Lots of others fall at China’s top hacking Competition

Many of the top software programs are hacked with new and never-before-seen exploits at this season's version of this...

Security researchers have discovered a gigantic Instagram click farm in central Asia, managing thousands of bogus profiles.

A group in vpnMentor discovered the operation as a result of some unsecured Elasticsearch database that it had been using, attached to the public-facing net.

“The click farm seems to be conducted by a complex operation that has assembled a highly automated procedure to make thousands of bogus proxy accounts on Instagram. Each account had its avatar, biodegradable and character,’ seeming to combine Instagram from all around the world,” explained vpnMentor.

“Every bogus account would subsequently publish articles, see others’ articles, follow, respond, and participate with profiles. The click farm has been using proxy servers and IP addresses to conceal its action.”

The investigators tied back the operation into central Asia as most of those IP addresses and cell phone numbers used to authenticate and operate the bogus balances were from Armenia and Kazakhstan.

“Click farms are usually paid by people or companies to inflate their followers and participation.

The folks hiring click farms subsequently use this to leverage sponsorship places and other sorts of earnings from the program. In doing this, they are defrauding any organization or third party that pays them according to engagement and followers,” clarified vpnMentor.

“Click farms can also be utilized to distribute bogus misinformation and news.

After informing Facebook in regards to the server on September 21, it was closed down the next day.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This