New keylogging malware steals Tumblr log-in credentials

Chrome extension harvests personal info.

Users of social media platform Tumblr are being targeted by a fake Chrome extension file aiming to steal user log-in details and other personal information.

The ‘Archive Poster’ extension targets heavy Tumblr users who post up to 250 posts each day and promises to help them out by removing the post limit. Users are invited to download an .exe file and a text file to their Windows device from a .rar archive sitting on free file hosting.

Users are then asked to log in to their account. At this point the malware has been loaded onto the infected PC and is keylogging their log-in credentials and other personal information.

The malware can also upload screenshots, exposing the user's browsing habits and any personal information left on the desktop, and even periodically sends encrypted data to the malware creator via email.

This isn't the first time Tumblr users have been targeted. In the past the blogging site has been subject to phishing scams and fake competitions, among other things.

Malwarebytes analyst Christopher Boyd, who detailed the malware, said scammers are attracted to the site because their posts can go viral in a short amount of time.

“Tumblr has been a popular target for scammers for some time, and the instant nature of re-blogging allows scam / fake posts to go viral very quickly,” said Boyd.

“On a similar note, cross site scripting scams which spread rogue posts with minimal user interaction have previously spread like wildfire on a number of occasions. All too often, Tumblr users don't stop to check before reposting content or falling for a preventable scam.”

The popular microblogging service was acquired by Yahoo for US$1.1 billion earlier this year.

This article originally appeared at

Copyright © SC Magazine, UK edition
