A new piece of malware that targets users’ financial transactions and credentials is spreading around Twitter. These attacks are particularly unsettling because they distribute malicious links from hijacked Twitter accounts in tweets that appear to be genuine.

The malware was identified by Tanya Shafir of Trusteer, a cybercrime prevention firm, as a configuration of a malware family traditionally used to attack financial services. When a user clicks the malicious link, JavaScript is injected into the user's Twitter session and launches a “man-in-the-browser” attack to take control of the account. It then posts new tweets containing the malicious links, infecting anyone else who clicks on them.

Frequent Twitter users are accustomed to getting suspicious direct messages in their inbox, but this method is a sophisticated new approach to so-called “spear-phishing” scams. What’s worse is that the malware uses a link shortener to disguise the link’s destination. Twitter users routinely use shorteners to fit links within Twitter’s 140-character limit, so a shortened link is unlikely to look suspicious when it comes from a trusted user.

So how do you know if the link is dangerous? Well thankfully, the malware isn’t a very creative copywriter. So far, three malicious tweets have been identified:

- “Our new King William will earn even more than Beatrix. Check his salary.”
- “Beyonce falls during the Super Bowl concert, very funny!!!!”
- “CEO of [Dutch Bank] is off with out millions! The minister is inspecting again… see.”

For now, the attack is mainly targeted at Dutch users, but that doesn’t mean it can’t spread elsewhere. Stay on the lookout for these tweets!

Follow Ryan W. Neal on Twitter