Twitter Worm Unleashes Fake AV Attack

Published: 22/11/2024   Category: security




Google's goo.gl link-shortening service and page-code obfuscation built on the RSA public-key algorithm are being used to spread malicious links in a bogus antivirus campaign.



A Twitter worm is behind a new fake antivirus campaign now in the wild.
According to Kaspersky Lab security researcher Nicolas Brulez, the new worm is spreading fast, using the goo.gl URL shortening service to distribute malicious links.
The attack, which was first spotted on Thursday, tweets a single malicious link with no additional message text, though all of the attacks list Mobile Web -- Twitter's app for generic mobile phones -- as the client used to post the tweet. Clicking on the malicious link sends users to one of various domains that feature an HTML page named m28sx.html, which then redirects users to a static Web page with a Ukrainian top-level domain address. From there, users are redirected to pages that hawk fake AV, aka scareware.
"Like all fake AV, the user is invited to remove all the threats from their computer, and will download a fake antivirus application called Security Shield," said Brulez. Interestingly, the graphical user interface of the rogue AV software shows up in the operating system's default language.
Twitter is aware of the attack and is working to block it. On Thursday, Del Harvey, head of Twitter's Trust & Safety group, tweeted: "Did you follow a goo.gl link that led to a page telling you to install Security Shield Rogue AV? That's malware. Don't install." She added in a second tweet: "We're working to remove the malware links and reset passwords on compromised accounts."
Security Shield appears to be an update of a previous strain of fake AV known as Security Tool, "since the Web page is using exactly the same obfuscation techniques …, which is an implementation of RSA cryptography in JavaScript to obfuscate the page code," said Brulez.
Attackers seem to favor RSA over other obfuscation techniques, he said, likely because the key length can be kept relatively short, and also because private keys can be called via JavaScript.
