New malware has been discovered that steals Twitter users' credentials, allowing the attacker to tweet on the victim's behalf.
Trusteer researcher Tanya Shafir said, "The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets. The malware, which has been used as a financial malware to gain access to user credentials and target their financial transactions, now has a new goal: to spread malware using the online social networking service. At this time the attack is targeting the Dutch market. However, because Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry."
Protection against an attack like this is difficult because the attack "uses a new sophisticated approach to spear-phishing."
The disturbing part is that, because tweets support shortened URLs, victims might assume a link is safe, click it, and be taken to a malicious website without suspecting anything is wrong.