Tuesday, April 23, 2013

Twitter is one of the most used social media networks today and everyday hundreds of millions of people communicate using it and that is why this also becomes an effective carrier from security attacks. This time it is being used to spread malware through hijacked accounts.

The attack was originally discovered by security firm Trusteer according to which, attackers are leveraging Man-in-the-browser (MiTB) attack for this process and using hijacked accounts to tweet malicious tweets and since the accounts used are legitimate ones, people trust the tweet and click on the links attached with those.

A JavaScript code is injected into the accounts of victims giving attackers their authentication tokens which are then used to tweet malicious links from the victims account through token based authorization calls to Twitter's APIs. Here are some of the malicious tweets being posted using victims' accounts.
  • Original Text (in Dutch): "Onze nieuwe koning Willem gaat nog meer verdienen dan beatrix. check zijn salaris."
    Translation (in English): "Our new King William will earn even more than Beatrix. Check his salary."
  • Original Text (in Dutch): "Beyonce valt tijdens het concert van de superbowl, zeer funny!!!!"
    Translation (in English): "Beyonce falls during the Super Bowl concert, very funny!!!!"
  • Original Text (in Dutch): "topman [Dutch Bank] gaat ervandoor met onze miljoenen!! De minister heeft weer het nakijken... zie"
    Translation (in English): "CEO of [Dutch Bank] is off with our millions!! The minister is inspecting again... see"
    Note: We have removed the name of the bank being actually used from this tweet.
And one of these links follow these tweets leading the victim right into the trap but the good news is that now none of them seems to be active.

Note: Please do not try to go to any of these links. These are inactive but may still harm you or your data in some form.
  • hXXp://yix.be/b18e9
  • hXXp://yix.be/11efb
  • hXXp://ow.ly/hr6a6
  • hXXp://01.nl/rohvj9
As it can be easily assessed seeing the malicious tweets, people are quite likely to click on the links attached with them if it comes from a legitimate account they are following. According to Trusteer, these malicious tweets have already been spotted coming from many Twitter accounts implying that the attack has already been successful.

Although the attack has been targeted towards Dutch community as of now but this can very well be used at an international level so we appeal our readers to spread this news and be very aware of the links you click on because they may very well be a malware creating problems for you and the people who trust you, digitally or personally.

Disclaimer: The author or SmartHacks will not be held liable for any damage, whatsoever, occurs if any reader tries to access any one of the malicious links.


Post a Comment