Fake TweetDeck update preys on Twitter users

Filed Under: Malware, Social networks, Spam, Twitter

TweetDeck upside-down icon
It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day.

But it appears that at least one bunch of criminals weren't resting on their laurels as they spread links pointing to what they claimed was an update to the popular Twitter client, TweetDeck.

  • Hurry up for tweetdeck update!
  • Update TweetDeck! Bank Holiday
  • Critical tweetdeck update Bank Holiday
  • Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!

Tweet pointing to fake TweetDeck update

The tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck. Instead, unsuspecting users are putting themselves at risk of infection by a Trojan horse which Sophos detects as Troj/Agent-OOA.

TweetDeck has reminded its users that they should only download updates from its official website.

It's possible that the malicious hackers who spread the attack are taking advantage of Twitter ceasing support for basic authentication in their API today, meaning users have to be using a Twitter client which uses OAuth.

Regarding this particular attack, Twitter says it is resetting the passwords of accounts that it has seen distributing the dangerous link.

It's curious seeing the mention of the Bank Holiday in the malicious tweets. I wonder how many people outside the UK were aware it was a public holiday here yesterday? TweetDeck itself is a British company, and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK.

This isn't the first time that the folks at TweetDeck have found themselves in the gunsights of the bad guys. Earlier this month they warned that a fake TweetDeck app had been uploaded to the Android Market.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.