Sunday, 26 June 2011

Fake TweetDeck update preys on Twitter users | Naked Security

TweetDeck upside-down icon
It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day.

But it appears that at least one bunch of criminals weren't resting on their laurels as they spread links pointing to what they claimed was an update to the popular Twitter client, TweetDeck.

  • Hurry up for tweetdeck update!
  • Update TweetDeck! Bank Holiday
  • Critical tweetdeck update Bank Holiday
  • Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!

Tweet pointing to fake TweetDeck update

The tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck. Instead, unsuspecting users are putting themselves at risk of infection by a Trojan horse which Sophos detects as Troj/Agent-OOA.

TweetDeck has reminded its users that they should only download updates from its official website.

It's possible that the malicious hackers who spread the attack are taking advantage of Twitter ceasing support for basic authentication in their API today, meaning users have to be using a Twitter client which uses OAuth.

Regarding this particular attack, Twitter says it is resetting the passwords of accounts that it has seen distributing the dangerous link.

It's curious seeing the mention of the Bank Holiday in the malicious tweets. I wonder how many people outside the UK were aware it was a public holiday here yesterday? TweetDeck itself is a British company, and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK.

This isn't the first time that the folks at TweetDeck have found themselves in the gunsights of the bad guys. Earlier this month they warned that a fake TweetDeck app had been uploaded to the Android Market.