Recently, Twitter made public financial statements related to its upcoming initial public offering (IPO). Part of these statements included how many active users it has: Twitter said it has 218 million monthly active users, three-quarters of which have accessed the site from a mobile device.
It’s not a surprise that some of these users are malicious. What is uncommon is that some of these malicious accounts do try to “engage” with other accounts – even those of security vendors like Trend Micro. Too bad for these users – we are one step ahead of them, as we have previously blocked the dubious sites they offer.
Recently, we came across four accounts that added the @TrendLabs Twitter account to various lists. This would not have been unusual, except all four accounts were clearly malicious:
Figure 1. Accounts/lists added
Upon further investigation, these accounts led to more malicious sites offering a variety of hacking tools targeting sites like Facebook and Twitter, as well as a scam site offering free iPhone 5ses.
Figure 2. Hacking tool website
It’s highly likely that these malicious sites are scam sites that deliver none of the supposed “tools” on offer. Cybercriminals are not above stealing from other would-be online crooks and attackers as well.
Unfortunately, this is not the first (or the last) threat that we can encounter on popular social networking sites. Previously, incidents like survey scams, rogue apps, and other threats were frequent, although recent improvements by these sites were able to keep these threats at bay. However, as the popularity of mobile devices grew, cybercriminals have found a new platform to use in their schemes. Just recently, we found a fake Facebook mobile page that asks users to disclose credit card details. Cybercriminals may either sell or use these to initiate unauthorized transactions.
We advise would-be “curious” users to avoid these sites and profiles completely and, if possible, to report these accounts to site administrators using the automated block/report features of these services.
The sites are already blocked by Trend Micro web reputation services.
Additional analysis by Karla Agregado and Paul Pajares.