Microblogging platform Twitter has been targeted by a new attack that has infected thousands of users and continues to spread virally, a security firm has warned.
According to a post on security firm Sophos' Naked Security blog, Twitter users are falling victim to a rogue third-party app that offers them a chance to see who has recently ‘unfollowed’ them.
Of course, this is a sham, designed to lure users into granting account access to a rogue app.
“58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin,” reads a typical spammy message. The links that come with the message represent the trending phrases on Twitter, used by hackers to lure in unsuspecting users.
When users click on one of these links, they are asked to grant account access to a third-party app. As soon as the users grant the authorisation, the app sends messages in the users’ names to their friends, spreading the rogue app virally.
Users are also asked to complete a survey before seeing who has unfollowed them, and that is how the spammers make money.
“If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app's rights,” Sophos warned.