View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 4, 2015

Malvertising goes social with new Twitter ad cyber security attack

News: Hard to detect attack uses social media to lure in victims.

By Charlotte Henry

Researchers at Proofpoint have discovered that malvertising has now gone social, moving onto Twitter. The firm has documented an attack that starts by posting a fake video onto a feed in a Twittercard.

If the client IP address is known, clicking on that opens a fake video on YouTube. If it is unknown, a scam adult social network is opened instead. The user is then prompted to install a Chrome Extension to called Mapi Geni. A webinject is downloaded, and when a user logs in it sends credentials to a remote server.

The attack is taking advantage of the fact that users perceive Twittercards to be verified, and therefore their contents are deemed legitimate and safe. The same goes for apps downloaded from the Chrome Webstore. It is hard to spot as users are able to login unimpeded, unlike with credential phishing attacks.

Proofpoint says that "While the immediate goal is to steal the Facebook credentials of the targeted user, the fact that the webinject is downloaded from a remote server means that it could be changed at any time to perform other actions."

The researchers warn that anyone who has installed the malicious app should uninstall it, and immediately change their Facebook login credentials.

They say that although attacks like this are currently uncommon, cybercriminals are going to be looking to exploit social media more in the future.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.