Steer Clear of Movie Spam Subreddits

Steer Clear of Movie Spam Subreddits

From the “Curious Tactics” department:

We heard word of shenanigans on Reddit, and it turned out that a scammer had set up a Reddit board (commonly known as a Subreddit) then overlaid it with what was effectively a full-screen spam advert.

Like so:

Full page Reddit spam

Instead of a page filled with Reddit comment threads, we have a fake movie player graphic with “Stream in HD” written above it. Subreddits are customisable and allow for all sorts of tweaks, so I assume the scammer cooked up a custom stylesheet to make the above overlay happen. As far as I’m aware, you need to have had a Reddit account for a minimum of 30 days before being able to create a Subreddit so either someone has baked a bunch of future-dated spam accounts or somebody was compromised.

If you clicked anywhere on the above Subreddit, you’d have been redirected to another website:

Copyright when?

Not sure if I like “Please wait the moment” or the time-travelling copyright notice from the year 2020 more.

Eventually a second movie player image splash loads in:

Yet another player

Of course, there’s another button to click to gain access to that elusive online movie. Fear not, for the journey is nearly over…

Pay up, please

 

Movies, TV shows, videos & more. Anytime, anywhere

Take advantage of our special promotional offer to gain unlimited access for 5 days for free

It’s funny how you always end up going through 2 or 3 different clicks / websites before being told you’ll have to pay someone money for something, isn’t it? Anyway, Redditors won’t be wandering into this particular clickthrough party anytime soon because the Subreddit is now nothing but a spam-pushing memory:

Banned

 

Somebody deserves a few upvotes for that one.

Should you come across anything similar to the above, don’t worry – there’s no redirection or anything malicious taking place on Reddit. The scam relies on you seeing the fake movie player then clicking through to begin your daisy-chained hop, skip and jump to the final “Pay us money” destination. Simply closing the Tab and navigating back to the land of Reddit will be enough to see you safely on your way.

While the threat level here is low, keep in mind that scammers could use this same technique to (for example) send you to malware masquerading as Flash players. Be on your guard, and watch what you click at all times.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.