informa
/
/
Risk
Commentary

Twitter iPhone App Worm TargetsiTweeters

Success breeds contempt -- or at least con attempts, as a new worm aimed at stealing financial info from iPhone Twitter app users shows.
Keith Ferrell
Contributor
May 20, 2010
Success breeds contempt -- or at least con attempts, as a new worm aimed at stealing financial info from iPhone Twitter app users shows.The new Twitter worm hides in hot-topic tweets. Those hot topics -- promises of hilarious videos, for example -- are fertile ground for quick, ill-considered clicks on links, at which point the worm sets to work.

This one, described on a PandaLabs blog dumps malware that steals financial info, PIN numbers and passwords.

The campaign is evidently being run from new Twitter accounts, rather than than from the thousands of hacked legit Twitter accounts for sale on the black market.

The keylogger drops in via a Java file drive-by, leading security firm F-secure to ask if "you really need Java in your browser."

Disabling Java is a good first step, but even so, the best first step remains to stop and think before you click on a link in a tweet of an e-mail.

Then don't click on it.

Recommended Reading:
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Inside the Famed Black Hat NOC
Kelly Jackson Higgins, Executive Editor
Next for Bug Bounties: More Open Source Funding
Robert Lemos, Contributing Writer
How Adversaries Still Target Microsoft Active Directory 20 Years Later
Andy Robbins, Technical Architect, SpecterOps
Reports Point to Uptick in HTML Smuggling Attacks
Kelly Sheridan, Senior Editor
Webinars
More Webinars
Events
More Events
White Papers
More White Papers
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports