Anonymous criminals have once again taken advantage of users of a popular social media site, this time by leveraging Twitter accounts to spread malware. The hackers used a Man-in-the-Browser (MitB) attack to transmit the virus to PCs by sending malicious tweets through hacked Twitter accounts. Because these messages come from genuine Twitter users, the followers who receive them easily fall into the trap, since they trust the accounts. The attack was first exposed by Trusteer, a security firm. It was learnt that the hackers inserted JavaScript code into the victims' accounts for this particular attack. The malware gathers users' authentication tokens, which allows it to “make authorized calls to Twitter’s APIs,” according to TNW. As a result, the malware starts sending malicious tweets to the followers of the victim’s account.
At this point, the attack appears to be the work of local hackers, but Trusteer reports that nothing guarantees it will stay that way:
“At this time the attack is targeting the Dutch market. However, because Twitter is used by millions of users around the world, this type of attack can be used to target any market and any industry.”
At present, the malware is sending messages in Dutch like the ones given below:
“Onze nieuwe koning Willem gaat nog meer verdienen dan beatrix. check zijn salaris” (English translation: “Our new King William will earn even more than Beatrix. Check his salary”)
“Beyonce valt tijdens het concert van de superbowl, zeer funny!!!!” (English translation: “Beyonce falls during the Super Bowl concert, very funny!!!!”)
“topman [Dutch Bank] gaat ervandoor met onze miljoenen!! De minister heeft weer het nakijken… zie” (English translation: “CEO of [Dutch Bank] is off with our millions!! The minister is inspecting again… see”.)
According to VentureBeat, “It’s easy to see how the text for these tweets could be swapped out for something else in Dutch, as well as internationalized to target users in other countries around the world.” Trusteer learnt that the aforementioned messages were found in numerous Twitter posts, which indicates that the hackers have been successful in tricking users, as many have clicked the links provided. However, the good news is that these malicious links currently seem to be inactive.
The security firm also revealed that this is not the first time the malware has been used: earlier it served as financial malware that can access users' credentials and target their financial transactions. The current variant spreads through Twitter accounts.
Source: TNW