Temptation to look is once again being used as bait for a variety of malware attacks, thanks in part to the widespread coverage of the recent nude celebrity photos leaks on 4chan and reddit. The old bait-and-switch move, a well-worn social engineering attack on Twitter and other social networking services, has now been updated with promises of intimate photos of Jennifer Lawrence. In reality, the link delivers malware “dropper” software instead.

Researchers at Trend Micro have uncovered a number of new social engineering attacks based on the celebrity photos. One in particular uses Lawrence as the bait, with a shortened URL that the Twitter lure promises will take you to “Jennifer Lawrence Leaked Photos.” The tweet uses hashtags for Jennifer Lawrence both by her full name and by “JLaw” in order to target people actively seeking information about her.

A fraudulent tweet, used as a lure.
Trend Micro Labs

Those who fall for the bait are taken to a website with a “video”—which is in fact a link to fake “Video Converter” software. What really gets delivered is a malware package that Trend Micro calls ADW_BRANTALL, an adware installer that targets Microsoft Windows 7 and earlier Windows versions.

A Facebook version of the #JLaw lure, propagating itself thanks to forced “shares.”
Trend Micro Labs

A Facebook version of this “phish” goes even further, forcing users to share a link to the video via Facebook before they download the “converter” on their wall. As a result, unsuspecting Facebook users end up spamming their friends with the fake link, further spreading the attack. Trend Micro researchers also report a number of other malware packages being distributed via file sharing services and other means as archived files labeled as various celebrity photos and videos.

None of these attacks are very sophisticated. The bait-and-switch attacks rely on very common bits of malicious Web code, but given the volume of attention created by media coverage, they’re bound to rake in a fairly substantial number of gullible victims.