Who is Nicole really? Who got messages from Nicole? Who is behind the messages? What is the resolution of Nicole’s profile images? Do I really have to be a racist to join her server? This comment section’s purpose is to collect all that information.
Who is Nicole really? Who got messages from Nicole? Who is behind the messages? What is the resolution of Nicole’s profile images? Do I really have to be a racist to join her server? This comment section’s purpose is to collect all that information.
Everyone who got a Nicole message: Please get in touch here, you all might have something in common.
i’ve registered on lemmy.sdf.org just recently and i’ve already got 3 spam messages from her…
deleted by creator
Of course, but people who aren’t active seem to get fewer spam. But they might just don’t post it, because they are inactive.
i got a message yesterday, and havent been very active for a few weeks now
If the user isn’t active, the spammers have less chance 9f getting their username
I’ve stopped getting them after my first one, and I’ve got none on the microblogging side of things.
Yeah I only started getting them when I posted/commented
I thought it was because they are reading comments and posts that people share and spamming those people.
Had something similar on reddit a long time ago, got added to a private subreddit because they saw me comment in a community
Woahhh, this checks out!
Nice try Zuckerberg
Received it after leaving a comment in gonewild. Prime hunting grounds for lonely guys I guess. Was my second comment ever and my first was way earlier therefore I’m sure that it was the gonewild comment that triggered the bot to send me the message.
I comment on literally anything and I’ve left some comments on porn posts so that could be it.
I only got one after I mentioned somewhere that I hadn’t gotten one yet. It wasn’t immediately after, but close enough to make me suspicious.
What user was it from and when?
I got one, and I saw it being referenced somewhere else on some post, so I decided to search Nicole and found this community and your message then. Any idea what this means? What’s going on haha
I got a message from the username but without an image.
I live in Toronto.
Not sure there’s much else I’d be willing to divulge. I’d bet that this whole thing is somebody trying to harass this poor woman though.
I thought so, too, but I switched to “Private Browsing”—which disables most of my extension—and opened my inbox there, and there was the image. Went I went back to my normal browser where the tab was still open, there was the image, too. So it just seemed like it took a very long time to load.
The image URL was
https://quokk.au/pictrs...which is another Lemmy instance, and the message was from bogymanstout(at)quokk.au. So the image wasn’t hosted externally to the Lemmiverse, so it can’t really be a deanonymization attack like some people were theorizing. There’s nothing else in the message. No tracking pixels or anything.On the other hand, it’s a very small instance with only 8 communities. The largest of which, world news, has almost 1,000 subscribers. Not impossible to be a fake instance designed for spying, but seems unlikely.
Update:
I just opened my inbox in a normal window again, and Firefox simply refuses to load that image in my inbox. I don’t know why. It loads fine if I open that URL in a new tab.
I recently read an article that broke down a webp vulnerability that was being actively exploited. Which of course I can’t find right now.
If I had access to my PC at the moment I’d pop open the image itself and see if I could find any odd strings anywhere inside of it. I’m sure someone better at this stuff than I could take a deeper dive into the image itself if so inclined.
The only webp exploits for which I can find articles are from 2023. Some new articles, but still about the 2023 exploit. Both in Chrome and in iOS.
The first step would be to see if the “PNG” file is actually a webp file. To see if what you’re saying is plausible.
However, if there were a new, unpatched webp exploit, there’s zero reason to spam users with DMs when you can just post the image in popular communities. It could be any image and there’d be no reason to keep sending images pretending to be a girl looking for friends.
It’s the links in the image which are important to the attacker. Originally they weren’t in the image and it was easy for admins to filter them out, so the attacker took the time to embed them in the image. This points to traditional catfishing and pig butchering as the attack.
Then again they could be playing 4D chess and masquerading the real attack as simple catfishing.
Update
Oh. My. God.
Byte
Ox000cbb7fcontains the word “Cum”!They’re trying to poison our minds!
It’s just a normal PNG file.
Thanks for the insight.
The article I read was recent - within the last week or so. Maddening that I can’t find it again. Should have bookmarked it.
Anyway, that all scans. Figured it was a possibility even if it wasn’t likely.
Got my first one today
I got a message immediately after commenting on a Canada@lemmy.ca post.
i get them every so often. This morning I had two