Thousands of Twitter users have been caught off guard by a scam that dupes them into clicking on links to reveal how long they’ve spent on Twitter. It links to malware that spreads links from users’ accounts without their knowledge.
The offending links are being circulated on Twitter in messages containing the following text: “I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]”
However, if users click on the bit.ly link being used in the message, they are taken to a page which attempts to connect a rogue application called ‘Time on Tweeter’ with the user’s Twitter account.
The application instantly tweets a message from the victim’s Twitter feed, claiming that they, too, have spent 11.6 hours on Twitter, while also directing the victim to a page which presents a revenue-generating survey on behalf of the scammers.
Revoke the rogue immediately
"Affected users need to revoke the rogue application’s access to their Twitter account immediately, or it will be able to spew out more links from your Twitter page – which could promote spam sites or link to malicious webpages," advised Graham Cluley, senior technology consultant at Sophos.
“Scams like this are very commonly encountered on Facebook, but are more rarely seen on Twitter – meaning that many users will be sitting ducks to this type of attack.
“Although Sophos is in contact with bit.ly about closing down the offending link, it’s possible that the scammers will use other links and other names for their rogue applications.
“So be on your guard, and always think twice before allowing a third-party app to have access to your Twitter account,” Cluley warned.