Incidents

Malicious Twitter trends

Earlier tonight I was on my balcony and noticed a very rare phenomenon, at least when it comes to seeing it from Moscow: the Aurora. It was so beautiful, especially since it was the first time for me to see it. I decided to write about it on Twitter and then decided to search for “северное сияние” (Aurora in Russian) to see if others have noticed it too.

I saw a number of tweets from people in Moscow who also saw the Aurora. Then, I noticed “Morgan Freeman” listed in the Twitter Trends.

Thinking that something has happened to him I checked the tag and found a number of suspicious messages. After checking the URL I found they were malicious – a new attack being carried through Twitter right now, live.

Further investigation revealed several trending topics –‘Morgan Freeman’, ‘Advent Calendar’, ‘Pastor Maldonado’, ‘Toivonen’, ‘Grinch’ and ‘Hannukah’ – with various messages with the shortened URLs. Various shortening services were used: tinyurl.com, urlcut.com, bit.ly, doiop.com, tiny.cc, alturl.com, shortlinks.co.uk, yep.it – all pointing to malicious websites.

All these links lead to br********.com/about.html which will redirect user to bestivideos****.it. Then user will be redirected to myb****.com/flash/ where user will see the following ‘offer’:

This ‘codec’ is actually is malicious and detected by us as Trojan-Dropper.Win32.Drooptroop.ipl.

Be careful with current twitter trends because other popular topics may also lead to malicious messages!

UPD: number of messages with each malicious trend has grown to almost 3000 in about 40 minutes

Malicious Twitter trends

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox