A new Twitter attack is infecting users with a rogue anti-virus download. The malware is spreading through the site in the form of posts from hijacked user accounts.
The posts contain the words 'best video' and a link to an external domain. On clicking the link, the user is taken to a fake video page which launches a background attack script.
The script attempts to install and launch a maliciously crafted PDF file which delivers the actual malware payload.
Rather than infect users with data-stealing malware or botnet controllers, the Trojan installs a fake program called 'System Security'.
As with other rogue anti-virus products, System Security presents false malware scans and alerts in an effort to dupe the user into paying for a non-functioning security tool.
Twitter claims to have suspended the offending accounts and resolved the issue, but users are still advised not to click on suspicious links.
Kaspersky Labs researcher Roel Schouwenberg suggested that the attacks may be related to a phishing run recently spotted on the site, and that the compromised accounts were the same as those being used to post the attack video.
"This attack is very significant. It would seem that at least one criminal group is now exploring the distribution of for-profit [malware] on Twitter," he wrote in a blog post. "If the trends we've seen on other social platforms are any indicator for Twitter, we can expect an increase in attacks."
Newbies will be thrown in with the big boys on Sanhok as Kar98 fodder
Data is the perfect intersection of logic and emotion
Support for RTX Technology and new version of GPU Boost algorithm coming in next-gen Nvidia GPUs
Is Sony's Xperia XZ2 Compact a big step forward against last year's XZ1 Compact?