Trusteer researcher Tanya Shafir has recently identified an active configuration of TorRAT targeting Twitter users. Other than spreading ideas on the most popular social networks, now cyber criminals are spreading malware.
The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim's Twitter account to create malicious tweets.
Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. Those tweets contain malicious links and they read : "Our new King William will earn even more than Beatrix. Check his salary" or "Beyonce falls during the Super Bowl concert, very funny!!!!"
At this time the attack is targeting the Dutch market. The malware spreading via the online social networking service, used as a financial malware to gain access to user credentials and target their financial transactions.
The attack is carried out by injecting Javascript code into the victim's Twitter account page. The malware collects the user's authentication token, which enables it to make authorized calls to Twitter's APIs, and then posts new, malicious tweets on behalf of the victim.
Because it uses a new sophisticated approach to spear-phishing, so attack is particularly difficult to defend. "This type of attack increases the need for enterprise exploit prevention technology: By blocking the exploitation of vulnerable endpoint user applications, like browsers, and preventing the malware download, exploit prevention technology stops the attack and prevents the malware from spreading and infecting more users," added the firm.