TweetDeck Scammers Steal Twitter IDs Via OAuth

  /     /     /  
Publicated : 22/11/2024   Category : security


TweetDeck Scammers Steal Twitter IDs Via OAuth


Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.



Scammers are abusing Twitters TweetDeck tool as part of a scheme that has roped in thousands of Twitter users, according to Bitdefender.
The scammers
, believed to be from Turkey, are profiting from users desire to increase their Twitter following. In the past month, the scammers have registered dozens of sites dedicated to the scheme and promoted them through Twitter Trends.
On the site, the scammers ask the victims for a Twitter username and lure them with an offer to purchase new followers or get them for free. Those who click on the free option get 20 followers immediately. Those who pay the premium are promised 100 to 5,000 new followers a day for five days. To get the new followers, users must authorize the
TweetDeck
. In the process, the scammers make off with the users authentication tokens and receive TweetDecks permissions without the users knowledge.
Bitdefender online threats researcher Andrei Serbanoiu says the scammers are using an old trick to abuse the Twitter OAuth standard in the application programming interface.
OAuth is practically an authentication protocol that allows users to approve apps to act on their behalf without sharing their password, he says. With follower schemes, scammers hijack tokens by abusing this protocol that authenticates Twitters legitimate app TweetDeck. Researchers have been issuing warnings for a while about this ability to craft special links that may open Twitter app authorization pages for legitimate apps.
When hijacked, these requests specify the attackers server as a callback URL, redirecting Twitter access tokens to the attackers command and control center, Serbanoiu says. Tokens may be as valuable as passwords and may be used to add Twitter clients to follower bots. Scammers may also post on their behalf, follow other accounts, and even read and send private messages.
Unlike other follower scams, this scheme actually does deliver additional followers -- something that has become a bit of a business. According to researchers at Barracuda Labs, the price for buying Twitter followers has dropped to
$8 per 1,000 followers
.
One thing we have noticed is that fake Twitter accounts are better at disguising themselves to look more like real accounts, says Dr. Jason Ding, research scientist at Barracuda Labs. They have begun to engage in conversations, retweet, comment, and favorite tweets in order to look like a real account. Additionally, we have seen the prices for fake Instagram followers and Facebook likes drop more than 30% in the last six months. We believe this indicated that the owners of these fake followers may have found some effective ways to easily create lots of fake followers and likes on these platforms.
To reduce the number of hijacked accounts, Serbanoiu says, Twitter has implemented two-factor authentication and started to educate the public better. As other social media platforms, they try to cope with security issues on a regular basis. However, cyber criminals have a prosperous business to keep, so they continue to create new scams as fast as they are taken down.
Bitdefender advises users who were tricked in the scam to uninstall TweetDeck and reauthorize it, and run a security scan to check for malware on any devices they used to log into Twitter.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
TweetDeck Scammers Steal Twitter IDs Via OAuth