A new malware attack via Twitter’s direct messaging system apparently tries to lure unwitting users into clicking infected links that appear to go to a Facebook video. As Naked Security reports, the DMs are worded to provoke, using phrases like “you even see him taping u thats awful.” Many people will impulsively click at that point. This is what happens next:
Users who click on the link are greeted with what appears to be a video player and a warning message that “An update to Youtube player is needed”. The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.
According to Naked Security, the program the page asks you to download actually contains a Trojan (Troj/Mdrop-EML) which can secretly spread to your computer and any shared drives on your network.
Enigma Software describes this trojan as a “parasite” and says users can tell if the malware has infiltrated their system if they have trouble opening Windows programs, particular software intended to root out spyware.
Disturbingly, it’s not clear how the Twitter profiles used to send the malicious DMs were breached.
Naked Security recommends owners of compromised accounts change their passwords and study all the applications that currently have authorization to access your profile, revoking those you do not need.
Common sense should help as well–if a friend with an English degree sends you a DM reading, “haha look at u in this u look stoopid,” chances are good their account has been hacked. Because really, we’ve had enough social media panic for the week.