MANILA, Philippines – A new form of malicious attack was recently outed by security firm Trusteer, and it leverages our trust in people we follow on Twitter to steer people wrong.

Trusteer notes that this malware targets Twitter users. Their report explains that the malware uses “a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.” When people click on the link in the malicious tweet, they are also infected.

Javascript code is injected into a victim’s Twitter account page, picking up the user authentication token. With control of the authentication token in hand, the malware sender can then make authorized calls to Twitter’s APIs, letting it post malware-laden tweets on the victim’s account.

The main issue with this particular form of attack is the difficulty in determining the safety of a link in a tweet due to the inherent trust one puts in an account he follows. While the attacks seem to be localized to the Dutch market, the nature of the attack makes it easy to manipulate the system to create a larger-scale operation. – Rappler.com