More than 2500 Twitter accounts have been compromised to tweet links to websites specializing in adult dating and sex personals, according to a blog post on Symantec’s website.
The attackers are also said to have altered the users’ profile pictures (often to a suggestive photo of a woman), biographies and full names to further promote the sites, and the accounts’ recent tweets contain other suggestive images and language discussing adult webcam sessions and sexual encounters. The hackers are believed to have earned money – US $4.00 for each person who signed up – by redirecting the victims through affiliate programs, Symantec says.
It appears the perpetrators adopted a slightly unusual approach for such an attack: rather than tweeting at or directly messaging other users, they used the compromised accounts simply to like tweets and follow other users, gambling that those users would be curious enough to click through to the affected profile and take a look. There they are met with tweets claiming to offer free sign-ups to the sexually oriented content, with shortened links that eventually lead to the full site via an intermediate landing page.
Interestingly, Symantec’s investigation revealed that almost three-quarters (73%) of the compromised accounts were created at least four years ago (the oldest dates back to 2007), and some had not been active or sent any new tweets in years. The firm says it was likely that many of the accounts hit were using weak or reused passwords, a weakness that often leaves the door open for attackers.
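The takeover pattern Symantec describes (a long-dormant account whose profile is suddenly rewritten, which starts liking and following en masse while its few new tweets carry shortened links) can be turned into a simple triage heuristic. The scorer below is an added illustration, not code from the article or from Symantec; the record fields, the shortener host list, the thresholds and the sample records are all constructed assumptions.

```python
# Added example: score accounts against the compromise indicators named in the
# article. All field names, thresholds and sample data are constructed assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Tuple

# Assumed list of URL shortener hosts worth flagging in profile tweets.
SHORTENER_HOSTS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}


@dataclass
class AccountActivity:
    handle: str
    created: datetime
    last_tweet_before_window: datetime   # newest tweet before the review window
    profile_changed_in_window: bool      # name, bio or avatar rewritten
    likes_in_window: int
    follows_in_window: int
    tweets_in_window: List[str] = field(default_factory=list)


def has_short_link(text: str) -> bool:
    """True if any whitespace-separated token is a URL on a known shortener host."""
    for tok in text.split():
        if "://" in tok:
            host = tok.split("://", 1)[1].split("/", 1)[0].lower()
            if host in SHORTENER_HOSTS:
                return True
    return False


def takeover_score(a: AccountActivity, now: datetime) -> Tuple[int, List[str]]:
    """Return (score, reasons); one point per indicator from the write-up."""
    reasons = []
    if now - a.last_tweet_before_window > timedelta(days=365):
        reasons.append("dormant: no tweets for over a year before the window")
    if a.profile_changed_in_window:
        reasons.append("profile rewritten during the window")
    if a.likes_in_window + a.follows_in_window >= 100 and len(a.tweets_in_window) <= 3:
        reasons.append("like/follow burst with almost no tweeting")
    if any(has_short_link(t) for t in a.tweets_in_window):
        reasons.append("recent tweets carry shortened links")
    return len(reasons), reasons


def flag_suspicious(accounts, now: datetime, threshold: int = 3) -> List[str]:
    """Handles whose score meets the threshold; review these first."""
    return [a.handle for a in accounts if takeover_score(a, now)[0] >= threshold]


NOW = datetime(2016, 6, 1)
SAMPLE = [  # constructed records: one matching the pattern, one ordinary account
    AccountActivity("old_dormant_user", datetime(2007, 5, 1), datetime(2012, 3, 4),
                    True, 450, 300, ["Free sign-up here https://bit.ly/xxxx"]),
    AccountActivity("active_user", datetime(2014, 1, 1), datetime(2016, 5, 30),
                    False, 12, 2, ["lunch was great", "new post https://example.com/p"]),
]
```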
In a statement to Infosecurity, Chris Boyd, malware intelligence analyst at Malwarebytes, said attacks on social media accounts are now very common, with mass spam attacks on platforms such as Twitter incredibly prevalent.
“While the bulk of these peddle diet spam, many redirect to malware and PUPs, and these tactics rely on exploiting the trust of links from associates.
“Many social media accounts offer a wide range of security settings, from two-factor authentication to allowing SSL (assuming it isn't enabled by default). One of the biggest causes of spam on social media is when a service is connected to another: the moment the connected service is compromised, it potentially allows posting to the non-compromised platform from the hijacked account.”
Boyd advised social media users to disable connections to services they no longer use, and ensure security is as high as it can be across all connected services.
“They should also perform some spring cleaning and ensure no old or unknown applications have access to their Twitter or Facebook accounts,” he added.