Warnings have been made about Twitter accounts that are posting to suspicious links to a download for the TweetDeck application.
Reports have claimed that links have been spread to an update to TweetDeck, however the tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck – rather to a Trojan horse which has been detected by Sophos as Troj/Agent-OOA, and as TROJ_TDSS.FAT by Trend Micro.
Last week, TweetDeck developers notified users that due to changes in the supported authentication protocols by Twitter, following an announcement, that Twitter was going to shut of all basic access authentication on its API.
This incident has led TweetDeck to warn users about ‘a fake TweetDeck update appearing on Twitter' and saying: “These tweets are from hacked accounts and this file does not come from us. Do not download it.”
The updates often begin with one of the following phrases: ‘TweetDeck will work until tomorrow, update now!'; ‘Download TweetDeck update ASAP!'; ‘Update TweetDeck!'; and ‘Hurry up for tweetdeck update!'.
Luis Corrons, technical director of PandaLabs, said: “The TweetDeck application update scam is a typical example of how cyber criminals are exploiting users of social engineering sites. In this case it is particularly dangerous, as the malware installed to lure unsuspecting users is a Trojan with rootkit capabilities, and will put their personal information at risk. Users should take care when clicking on upgrade links to avoid the risk of infection.”
Jim Stikeleather, chief innovation officer of Dell Services, said: “This is clearly a very sophisticated and dangerous threat. Users must always check their accounts and have a good idea of what the threat is. It's imperative that users are careful about what programmes they install on their PC and take personal responsibility for keeping their software up to date.”