‘Man in the browser attack’ has latched on to Twitter

  • Team Omega
  • January 2, 2014

The last post explained what a ‘man in the browser attack’ means. This is a follow-up detailing how the attack has targeted ‘Twitter’ accounts to make it easy to spread to enterprise networks.

Here is how the malware has been working on ‘Twitter’:

JavaScript code gets into a Twitter account page. The code steals the authentication token and gets access to the application programming interface (API). Once in, the malware posts tweets using the victim’s account. A follower who clicks the URL in a malware posting has no clue as to where that link will take him. Once a link is clicked, the malware establishes itself for future use in the user’s network. An important point to note here is that ‘some of the malware attacks have gained access to Twitter accounts via SMS messages’.

Although at this point they are, Twitter-based malware attacks will not restrict themselves to just financial breaches. The Twitter attack was first found in the Netherlands, and there have been no other known similar attacks in any other country. But that is no consolation, as malware spreads rapidly and can reach other parts of the world in no time.