Spotted: New keylogging malware steals Tumblr log-in credentials

News by Doug Drinkwater

A new piece of malware is targeting regular users of Yahoo-owned microblogging website Tumblr

Cyber criminals continue to turn their attentions to social networks like Facebook, Twitter and LinkedIn in search of user data.

One of the latest social platforms to be subject to a malware attack is Tumblr, the popular microblogging service that was acquired by Yahoo for US$ 1.1 billion (£723 million) in May of this year.

In a new blog post, Malwarebytes analyst Christopher Boyd details that a fake Tumblr Chrome extension file is doing the rounds, with its sole aim seemingly being to harvest user log-in details and other personal information.

The ‘Archive Poster’ extension targets heavy Tumblr users who post up to 250 posts each day and promises to help them out by removing the post limit. Users are invited to download an .exe file and a text file to their Windows device from a .rar archive sitting on free file hosting.

Tumblr users are then asked to log in to their account but, at this point, the malware has been loaded onto the infected PC and is keylogging their log-in credentials and other personal information. The malware can also upload screenshots that reveal the user's browsing habits and personal information left on the desktop, and even sends encrypted data to the malware creator via email on a periodic basis.

This isn't the first time Tumblr users have been targeted. In the past the blogging site has been subject to phishing scams and fake competitions, among other things, and Boyd told that scammers are attracted to the site because their posts can go viral in a short amount of time.

“Tumblr has been a popular target for scammers for some time, and the instant nature of re-blogging allows scam / fake posts to go viral very quickly,” said Boyd.

“On a similar note, cross site scripting scams which spread rogue posts with minimal user interaction have previously spread like wildfire on a number of occasions. All too often, Tumblr users don't stop to check before reposting content or falling for a preventable scam.”

Boyd continued by saying, as many other market watchers have done in the lead up to 2014, that social platforms are increasingly subject to cyber crime attacks.

“If you can steal a popular social network account, you can broadcast rogue links to an audience of thousands or even millions,” Boyd told

“There have never been so many popular platforms for scammers to choose from and tailor their themed scams appropriately. Unfortunately, end-users keep falling for the same tricks. Facebook profile viewer scams have been around forever, yet victims continue to lose their logins or fill in dubious surveys for non-existent rewards.”
