
Trusteer warns of new man-in-the-browser Twitter attack

George Leopold, Contributor

Twitter has attracted a new follower: financial malware capable of facilitating man-in-the-browser attacks through an infected computer.


Trusteer, a Boston-based cybercrime prevention vendor, said this week that one of its researchers recently identified the malware, which targets Twitter accounts. While the attacks have initially appeared to focus on PC endpoints in banks and financial-services firms, experts said Android-based mobile platforms could eventually help spread the Twitter-based attacks to enterprises.

The attack works by injecting JavaScript code into a user's Twitter account webpage. Once inside, the malware snaps up the user's authentication token, obtaining access to Twitter application programming interfaces. At that point, Trusteer said, the malware can begin posting malicious tweets via a victim's account.

Unsuspecting followers of the infected Twitter account see the customary shortened URLs that disguise the underlying links, making it nearly impossible for a follower to spot a suspicious link to a webpage.
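Because the shortened URL hides the destination, a defender can expand the redirect chain and check where it ends before a link is trusted. The sketch below is an added example, not code from Trusteer or from the original article; the `lookup` resolver, the host names and the redirect table are constructed for illustration.

```javascript
// Added example: expand a short link's redirect chain before it is trusted.
// `lookup(url)` is a hypothetical resolver returning { status, location };
// a real one would send a HEAD request with automatic redirects disabled.
function expandShortUrl(startUrl, lookup, maxHops = 5) {
  const chain = [];
  const seen = new Set();
  let current = new URL(startUrl);
  for (let hop = 0; hop <= maxHops; hop++) {
    const href = current.href;
    if (seen.has(href)) return { verdict: "loop", chain, finalHost: null };
    seen.add(href);
    chain.push(href);
    const res = lookup(href);
    if (!res) return { verdict: "unresolved", chain, finalHost: null };
    const redirect = res.status >= 300 && res.status < 400 && res.location;
    if (!redirect) return { verdict: "resolved", chain, finalHost: current.hostname };
    let next;
    try {
      next = new URL(res.location, current); // Location may be relative
    } catch {
      return { verdict: "bad-location", chain, finalHost: null };
    }
    if (next.protocol !== "http:" && next.protocol !== "https:") {
      return { verdict: "non-http-target", chain, finalHost: null };
    }
    current = next;
  }
  return { verdict: "too-many-hops", chain, finalHost: null };
}

// Allow only links whose final destination is on a trusted host.
function triage(url, lookup, trustedHosts) {
  const result = expandShortUrl(url, lookup);
  const ok = result.verdict === "resolved" && trustedHosts.has(result.finalHost);
  return { action: ok ? "allow" : "review", ...result };
}

// Constructed redirect table standing in for live HTTP responses.
const SAMPLE = {
  "https://sho.rt.example/a1": { status: 301, location: "https://tiny.example/zz" },
  "https://tiny.example/zz": { status: 302, location: "https://news.example/story" },
  "https://news.example/story": { status: 200 },
  "https://sho.rt.example/b2": { status: 302, location: "https://sho.rt.example/b2" },
  "https://sho.rt.example/c3": { status: 302, location: "/landing" },
  "https://sho.rt.example/landing": { status: 200 },
  "https://sho.rt.example/d4": { status: 302, location: "ftp://files.example/x" },
};
const sampleLookup = (url) => SAMPLE[url];
```

Anything that does not resolve cleanly to a trusted host, including loops, overly long chains and non-HTTP targets, is routed to review rather than allowed.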

Trusteer said the malware attacks could be used to target financial transactions after gaining access to user credentials. So far, the attacks have been limited to the Netherlands, but could quickly spread to Twitter accounts around the world.

The company also released an excerpt from the injected JavaScript code it uncovered:

"We haven't seen a Twitter attack like this before," said Yishay Yovel, Trusteer's vice president of marketing. He said the malware essentially creates "an open channel" through which it can be distributed to followers of an infected Twitter account, which can then potentially "create a storm" of malware across enterprise networks.

Since identifying the Twitter-based malware while working with a Dutch bank, Trusteer's approach has been to try to establish what Yovel called a "bridgehead," which prevents the malware from breaching PC endpoints. Like most malware, Yovel said, "It's all about establishing a foothold in your network" -- in this case via Twitter -- by getting users to click or open a malicious link, document or application.

As with other types of attacks, Yovel said early detection of Twitter-based malware is critical since it narrows an attacker's options for breaching a network endpoint and gaining access to Twitter and, eventually, financial or proprietary information.

The challenge for enterprises, he warned, is managing security on mobile platforms, where some of the malware attacks have gained access to Twitter accounts via SMS messages.

Yovel warned that while early malware samples have largely targeted banks, a wider range of companies could be at risk of falling prey to this or similar attacks. Twitter-based malware, he said, "is absolutely not banking-specific."

