Latest Twitter hack sends malicious Facebook links through direct messages

Twitter users, beware: A new malware campaign may leave your followers with a virus if they click on a link to a bogus Facebook photo or video that appears to be from you.

Sophos analyst Graham Cluley has reported that a number of Naked Security blog readers are complaining of being spammed via Twitter direct messages.

The compromised accounts send a malicious link to unsuspecting users, who click on it believing it leads to a Facebook photo or video of themselves; following the link ultimately infects their computer.

Different combinations of wording are often used. In this case, Cluley pointed out two versions of the reported messages: "your in this [link to page on] LoL" and "you even see him taping u [link to page on] that's awful."

Clicking on the link brings users to a video player and a message warning that "an update for YouTube Player is needed." The message says that by continuing, an update to Flash Player 10.1 will be installed. But this download, called FlashPlayerV10.1.57.108.exe, is actually a backdoor Trojan that copies itself onto accessible drives and network shares.

Neither Facebook nor Twitter immediately responded to a request for comment.

Though the source of the hack has not been discovered, Cluley said that the attack underlines the importance of not clicking any link just because it was allegedly sent by a trusted friend. Those whose Twitter accounts have been compromised should change their passwords and revoke the permissions of any suspicious apps with access to their account.

In July, a malware campaign targeted Twitter users with links claiming to include a tagged photo. The culprit turned out to be Russian websites attempting to infect Windows PCs with the Blackhole exploit kit.