Trusteer warns of new man-in-the-browser Twitter attack

The attack seeks to compromise a Twitter webpage using a man-in-the-browser technique. Trusteer warns it could be a harbinger of broader future attacks.

Twitter has attracted a new follower: financial malware capable of facilitating man-in-the-browser attacks through an infected computer.

Trusteer, a Boston-based cybercrime prevention vendor, said this week that one of its researchers recently identified the malware, which targets Twitter accounts. While the attacks have initially appeared to focus on PC endpoints in banks and financial-services firms, experts said Android-based mobile platforms could eventually help spread the Twitter-based attacks to enterprises.

The attack works by injecting JavaScript code into a user's Twitter account webpage. Once inside, the malware captures the user's authentication token, which gives it access to Twitter's application programming interfaces (APIs). At that point, Trusteer said, the malware can begin posting malicious tweets via the victim's account.

Unsuspecting followers of the infected Twitter account see the customary shortened URLs that disguise the underlying links, making it nearly impossible for a follower to spot a suspicious link to a webpage.

Trusteer said the malware attacks could be used to target financial transactions after gaining access to user credentials. So far, the attacks have been limited to the Netherlands, but they could quickly spread to Twitter accounts around the world.

The company also released an excerpt from the injected JavaScript code it uncovered:

[Image: Injected Twitter JavaScript code]

"We haven't seen a Twitter attack like this before," said Yishay Yovel, Trusteer's vice president of marketing. He said the malware essentially creates "an open channel" through which it can be distributed to followers of an infected Twitter account, which can then potentially "create a storm" of malware across enterprise networks.

Since identifying the Twitter-based malware while working with a Dutch bank, Trusteer's approach has been to try to establish what Yovel called a "bridgehead," which prevents the malware from breaching PC endpoints. Like most malware, Yovel said, "It's all about establishing a foothold in your network" -- in this case via Twitter -- by getting users to click or open a malicious link, document or application.

As with other types of attacks, Yovel said early detection of Twitter-based malware is critical since it narrows an attacker's options for breaching a network endpoint and gaining access to Twitter and, eventually, financial or proprietary information.

The challenge for enterprises, he warned, is managing security on mobile platforms, where some of the malware attacks have gained access to Twitter accounts via SMS messages.

Yovel warned that while early malware samples have largely targeted banks, a wider range of companies could be at risk of falling prey to this or similar attacks. Twitter-based malware, he said, "is absolutely not banking-specific."
