Some Twitter users are getting hit with a malware attack that is spreading through direct messages.
The messages take a variety of forms, noted Sophos Senior Technology Consultant Graham Cluley, including one where the recipient is told something about them has been posted on Facebook. In one iteration, the message says: “your in this” and includes a link to Facebook.
“Users who click on the link are greeted with what appears to be a video player and a warning message that “An update to Youtube player is needed,” Cluley blogged. “The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.”
Unfortunately for anyone who follows the directions, the file is not a version of Flash Player; it’s actually a backdoor Trojan that can copy itself to accessible drives and network shares, Cluley wrote. Just how users’ Twitter accounts are being compromised to send the malicious direct messages isn’t clear, but the attack underscores why users should not automatically click on a link just because it appears to have come from a trusted source, he blogged.
Earlier this year, Barracuda Networks examined the underground market for Twitter accounts and was able to purchase thousands of accounts from eBay and other sites. The typical price for buying fake followers was $18 per 1,000 accounts. The average abuser, the company found, has 48,885 Twitter followers, and the average fake Twitter account is following 1,799 accounts.
“If you do find that it was your Twitter account sending out the messages, the sensible course of action is to assume the worst, change your password (make sure it is something unique, hard-to-guess and hard-to-crack) and revoke permissions of any suspicious applications that have access to your account,” Cluley wrote.
The report from Sophos follows a similar report from security firm GFI Software in which Twitter users received a direct message stating “lol ur famous now” that accompanied a link to Facebook. Just as in the case described by Cluley, the link leads to users being prompted to download a version of Flash Player. What users get instead is a Trojan called Umbra Loader, explained Chris Boyd, senior threat researcher at GFI.
“Dubious Twitter DMs aren’t going to go away anytime soon, and end-users should be cautious when sent messages regarding newly acquired fame – winding up in an Umbra Botnet is a form of celebrity one can do without,” Boyd blogged.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
