Tuesday, April 23, 2013

Beware of phishing malware on Twitter

New malware has been discovered that steals Twitter users' credentials, allowing the attacker to tweet on the victim's behalf.

Trusteer researcher Tanya Shafir said that "The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets. The malware, which has been used as a financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. However, because Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry."

The attack works by injecting JavaScript code into the victim's Twitter account page, where the malware collects the user's authentication data. This enables it to make authorized calls to Twitter's APIs and then post new, malicious tweets on behalf of the victim.

Here is an excerpt from the injected JavaScript code:

[Image: phishing malware, Twitter]

Protection against an attack like this is difficult because the attack "uses a new sophisticated approach to spear-phishing."

What makes this disturbing is that, because tweets support shortened URLs, victims may assume a link is safe, click it, and be taken to a malicious website without suspecting anything is wrong.
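Because a shortened URL hides its destination, a defender can unroll it before anyone clicks. The following is an added example, not code from the original post or from Trusteer: it follows the redirect chain one hop at a time with HEAD requests and reports the final host. The function names, the `SAMPLE` table and the `.example` hostnames are constructed for illustration.

```python
import urllib.error, urllib.request
from urllib.parse import urljoin, urlsplit

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # never auto-follow; the 3xx surfaces as HTTPError

def http_head(url, timeout=5):
    """One HEAD request; returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def expand(url, fetch=http_head, max_hops=5):
    """Follow redirects hop by hop and return the full chain of URLs."""
    chain = [url]
    while True:
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            raise ValueError(f"non-HTTP redirect target: {nxt}")
        if nxt in chain:
            raise ValueError(f"redirect loop at {nxt}")
        if len(chain) > max_hops:
            raise ValueError("too many redirects")
        chain.append(nxt)

def check_link(url, allowed_hosts, fetch=http_head):
    """Report where a short link lands and whether that host is expected."""
    chain = expand(url, fetch)
    host = (urlsplit(chain[-1]).hostname or "").lower()
    allowed = any(host == h or host.endswith("." + h) for h in allowed_hosts)
    return {"final": chain[-1], "host": host, "hops": len(chain) - 1, "allowed": allowed}

# Constructed redirect table standing in for the network (not real services).
SAMPLE = {
    "https://short.example/abc": (301, "https://hop.example/r?id=1"),
    "https://hop.example/r?id=1": (302, "/landing"),
    "https://hop.example/landing": (200, None),
    "https://short.example/loop": (302, "https://short.example/loop"),
}
def sample_fetch(url):
    return SAMPLE.get(url, (404, None))
```

HEAD-based expansion only sees HTTP-level redirects; a landing page that redirects through JavaScript or a meta refresh still needs inspection in an isolated browser.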
