Malware is being spread on Twitter that tricks users into clicking a link that appears to lead to an article about the US government trying to shut down the bitcoin network.
According to a blog post on Thursday by Malwarebytes, the majority of accounts with the tweet are “clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse.”
At this point, most hosting customers are able to detect an email that might contain malware, but distribution of malware through social media is relatively new terrain for most people. As a hosting provider, letting customers know about different attack vectors and keeping them on top of new or emerging security threats can help build a relationship of trust with customers.
In the tweet, the link leads to a “video” on the Wall Street Journal, but the URL is actually at siam-sunrise.com, a website for a business in Thailand. Aside from the URL, the site actually looks quite legitimate, using the familiarity of the WSJ logo to trick visitors.
The tweet uses a bit.ly link so it’s hard to tell on the surface that it is fake, and several legitimate accounts are retweeting the spam without looking into what it is.
The video looks like it is loading, but then a pop-up to install Adobe Flash Player appears. Once a user presses install, they are provided with a RAR file containing four files. One of them is likely to be a remote access Trojan.
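A defender-side check for the lure described above, added here as an example and not taken from Malwarebytes or the original article: given the redirect chain recorded for a link, it flags a shortener that hides the destination and a final host that does not belong to the brand the page imitates. The function names, the shortener list and the sample URLs (paths are constructed) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a small local list of shortener hosts; extend it for your environment.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it.

    A plain substring test would wrongly accept 'wsj.com.example.net'.
    """
    return host == brand_domain or host.endswith("." + brand_domain)


def assess_chain(chain, claimed_domain):
    """chain: URLs in the order they were visited (first = link in the tweet).

    Returns a list of findings; an empty list means nothing was flagged.
    """
    if not chain:
        return ["empty redirect chain"]
    findings = []
    first, final = host_of(chain[0]), host_of(chain[-1])
    if first in SHORTENERS:
        findings.append(f"shortened link ({first}) hides the destination")
    if not belongs_to(final, claimed_domain):
        findings.append(f"final host {final} is not under {claimed_domain}")
    return findings


# Constructed sample: the hosts are the ones named in the article, the paths are made up.
LURE_CHAIN = [
    "http://bit.ly/CONSTRUCTED",
    "http://siam-sunrise.com/constructed-path/video.html",
]

if __name__ == "__main__":
    for finding in assess_chain(LURE_CHAIN, "wsj.com"):
        print(finding)
```

The redirect chain itself would come from a proxy log or a sandboxed link expander rather than from a user's browser.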