The Hacker News Logo
Subscribe to Newsletter

Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware

Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware
The Security Software company Malwarebytes has discovered a malicious scam spreading through rogue tweets by a number of fake Twitter accounts with a link to a story that says the United States Government is trying to ban cryptocurrency Bitcoin.

The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse,” wrote Adam Kujawa of Malwarebytes in a blog post on Thursday.

In most cases, cybercriminals use to spread the malicious software via an email, but distribution of malware through social media is relatively new tantrum of cyber criminals, as more people are fond of social media platforms now a days.

Adam discovered the scam and according to him the worst part of this new Twitter scam is that even without realizing the impact of this fake news, other Twitter users are retweeting from their accounts, making the malware scam more worse.

The tweets contain links lead to a news video on the Wall Street Journal and once you click on the link to watch the news video, you'll be first asked to install Adobe Flash Player.
Spam Tweets 'US Government Trying to Shut Down Bitcoin' Spreading Malware
As soon as you click on the "Install" icon, it will actually start downloading a piece of malware and this malware then further could be used by the spammers to download even more sophisticated malware onto your system.

The researcher analyzed the malware and found it to be a remote access Trojan (RAT), which is possibly related to the Darkcomet RAT.
According to my own dynamic analysis, the malware creates an establish connection with a remote server and drops additional malware, such as the “notepad.exe” that is found in the Temp folder and beaconing out to the same remote server as the initial Install file,” said Adam.
The URL of the link is actually sticking to the domain “www.siam-sunrise.com” which belongs to a website for a business in Thailand. Aside from the URL, the phishing site looks quite legitimate to the Wall Street Journal website with WSJ logo to trick the visitors.

Twitter has already shut down numerous accounts related to the spam and users are highly recommended to have a good anti-virus solution on their systems and avoid clicking any suspicious link and if found, immediately report the suspicious tweets to Twitter as Spam.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.