Cyber criminals have exploited a newly uncovered vulnerability in Twitter to deliver malicious pop-ups and third-party web sites.
The 'onMouseOver' attack allows pages to open just by moving a mouse over a link, meaning that users do not have to click on anything to launch the pages.
The attack also generates and publishes code in the Twitter user's update box that links to third-party sites to propagate the code further.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk that the vulnerability may be the result of a modification to Twitter code in preparation for upcoming changes.
"It's not clear whether the vulnerability existed before and has only recently been discovered or if it's something new, but it's quite a serious issue that needs to be fixed," he said.
"However, as I don't have access to the new Twitter but was still affected by the attack, it would suggest it is not something that is unique to the new site. "
Cluley added that the code was most likely posted by a user to deliberately start the infection, whether as a prank or maliciously, and that Twitter may be able to find the original tweet that caused the attack.
Prominent Twitter users affected by the attack include Sarah Brown, wife of former prime minister Gordon Brown, whose account redirected over one million followers to a Japanese porn site.
Twitter has acted swiftly to identify and patch the attack, according to a posting on its Status page and at the time of writing the site had returned to normal.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago