Symantec Finds Link Between Twitter And Malicious Code Distribution


Symantec Uncovers Twitter Security Issue:

Symantec is warning about security risks that link Twitter to mobile malware: its researchers say they have noticed an increase in the number of cyber criminals using the micro-blogging service to lure in victims.

Symantec Twitter Security Issue

In a post made on Symantec’s blog, employee Joji Hamada says that Twitter is becoming an increasingly popular way to lure people to Android.Opfake malware.
“Users can potentially end up infecting their mobile devices with Android.Opfake by searching for tweets on subjects such as software, mobile devices, pornography or even dieting topics, to name a few,” Hamada wrote. “Android.Opfake is not hosted on the Android Market (Play Store) and these tweets lead to malicious Websites developed for the Opfake application.”

Twitter is a hotbed for scams:

Hamada said that the tweets usually contain short links and are written in Russian with the odd bit of English mixed in. If a user clicks on one of these links, they are asked to install code that is made to look legitimate. Despite these tell-tale signs of malicious links, the people behind them also use tactics that are harder to pick up on without following the link and seeing what happens.

In the blog post, Hamada gives examples of malicious tweets.

Malicious Tweets:

Hamada goes on to outline some other characteristics of malicious tweets, but he also warns that they are not all consistent and will vary to some degree. One of the key things to watch for is tweets being sent out at a constant rate with no variation in what is tweeted, from an account that has no followers. That said, there will be profiles that look like they belong to honest people, because the profile contains content, has followers and uses a more common account name, yet are in fact linking to malicious code.
Symantec found that the malware operations run constantly across a large number of accounts, and in most cases they are performed simultaneously. Hamada mentions one operation that had been running for 8 hours before it was stopped; within that time 130,000 tweets had been made across 100 accounts (more than 160 tweets per hour per account).
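A defender-side triage heuristic built from the signals Hamada lists above (constant posting rate, no variation in tweet text, no followers, and the same link pushed by many accounts at once). This is an added example, not Symantec's or Twitter's code; the account names, timestamps and short links are constructed, and the 160 tweets/hour threshold is the rate observed in the operation described above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (account, ISO timestamp, text, follower count).
# Account names and short links are invented for this example.
SAMPLE_TWEETS = [
    ("spam_acct_01", "2012-03-01T10:00:00", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("spam_acct_01", "2012-03-01T10:00:20", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("spam_acct_01", "2012-03-01T10:00:40", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("spam_acct_02", "2012-03-01T10:00:05", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("spam_acct_02", "2012-03-01T10:00:25", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("spam_acct_02", "2012-03-01T10:00:45", "Скачать software бесплатно http://sho.rt/aB1", 0),
    ("anna_reads", "2012-03-01T09:00:00", "Finished a great book today", 240),
    ("anna_reads", "2012-03-01T11:30:00", "New diet plan, wish me luck http://sho.rt/aB1", 240),
    ("dev_mike", "2012-03-01T08:15:00", "Released v2 of my app http://example.com/v2", 85),
    ("dev_mike", "2012-03-01T12:45:00", "Thanks for the feedback everyone", 85),
]

RATE_PER_HOUR = 160.0      # 130,000 tweets / 100 accounts / 8 h, from the article
MIN_UNIQUE_RATIO = 0.5     # flag when fewer than half of an account's tweets are distinct
MIN_SHARING_ACCOUNTS = 3   # a link pushed by this many accounts looks coordinated (assumed)
URL_RE = re.compile(r"https?://\S+")

def tweets_per_hour(timestamps):
    # Posting rate over the observed span; floor the span at one minute so a burst
    # of tweets within seconds is not divided by zero.
    span_hours = max((max(timestamps) - min(timestamps)).total_seconds() / 3600.0, 1 / 60.0)
    return len(timestamps) / span_hours

def flag_accounts(tweets):
    # Return {account: [reasons]} for accounts that match one or more heuristics.
    by_account, link_accounts = defaultdict(list), defaultdict(set)
    for account, ts, text, followers in tweets:
        by_account[account].append((datetime.fromisoformat(ts), text, followers))
        for url in URL_RE.findall(text):
            link_accounts[url].add(account)
    shared = {u for u, accts in link_accounts.items() if len(accts) >= MIN_SHARING_ACCOUNTS}
    flags = {}
    for account, rows in by_account.items():
        reasons = []
        if tweets_per_hour([r[0] for r in rows]) > RATE_PER_HOUR:
            reasons.append("constant high posting rate")
        if len({r[1] for r in rows}) / len(rows) < MIN_UNIQUE_RATIO:
            reasons.append("no variation in tweet text")
        if rows[0][2] == 0:
            reasons.append("no followers")
        if any(u in shared for _, text, _ in rows for u in URL_RE.findall(text)):
            reasons.append("pushes a link shared across many accounts")
        if reasons:
            flags[account] = reasons
    return flags
```

The benign-looking `anna_reads` profile (followers, varied text) is still surfaced by the shared-link signal alone, which matches the article's point that a convincing profile can carry the same malicious link.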

“There were other minor operations taking place as well,” he said in the blog post. “However, I was unable to confirm the number involved.”
Hamada praised Twitter for the way it responds to Symantec's findings when Symantec alerts it to malicious tweets. Symantec has suggested that Twitter shut down these accounts, while users can still report accounts for spam.

“Cyber-criminals mix their game around, thereby making it difficult to recognize all bad tweets and most of all: they are persistent,” he wrote.
Hamada notes that Twitter provides advice on how to keep accounts secure.

“Smartphones have allowed users to access the Internet anytime, anywhere and perform tasks that were only possible using computers,” Hamada wrote. “While the convenience provides so many great advantages, cyber-criminals are also taking this opportunity to accomplish their bad deeds. So be wary when using mobile devices. For tweets in particular, be selective when deciding which links in the tweets to click on.

Trusted tweets?

You may want to only trust tweets you are familiar with. Tweets are similar to email. You wouldn’t open an email from an unknown sender and then click on the included link, would you? This usually means bad news and the same goes for tweets.”
Having followed the Android.Opfake malware, Hamada said that while its developers are currently targeting Android and Symbian smartphones, they are also looking to target the Apple iPhone and the iOS operating system.

“We have come across a couple of Opfake Websites that, while hosting malicious apps that Symantec detects as Android.Opfake, are also designed to perform social engineering attacks on iPhone users,” Hamada wrote. “The iPhone is designed to prevent the installation of applications outside of the Apple App Store. This makes life difficult for bad guys attempting to fool users into installing malicious apps in a similar manner to Android and Symbian devices. To get around this, the Opfake gang has developed a social engineering trick that does not require apps to scam site visitors.”

Joji Hamada's full blog post is available on Symantec's blog.

James Hedges