A series of enhanced follower scams has tricked thousands of Twitter users after a group abused the platform’s authentication system and Trends section by way of the TweetDeck app.
Anti-virus software provider Bitdefender has warned that dozens of dangerous websites, massively promoted through Twitter Trends, are offering free or paid Twitter followers in exchange for users’ authentication tokens. The sites, which use mainstream top-level domains such as .com, .net and .us, are being run by entrepreneurs who may be from Turkey.
Clearly the perpetrators are profiting from users’ eagerness to gain visibility on the platform, and they actually deliver on their promises, sort of. Those who click on the “free” option get 20 followers in the blink of an eye, a mix of legitimate users and bots.
However, those are hijacked accounts, Bitdefender explained. The scammers are abusing the legitimate TweetDeck application, which lets users sort content on the micro-blogging platform. In the scam, users have to authorize the app in order to receive the new followers, allowing the fraudsters to make off with the access tokens and inherit TweetDeck’s permissions without users’ knowledge. They can in turn use those accounts to follow other victims, thus propagating the scheme.
“While Facebook scams promising new likes are just silly baits, these Twitter scams really deliver what they claim – tens of new followers that are willing to ‘adore’ what you tweet,” Bitdefender chief security strategist Catalin Cosoi said in a statement. “It’s somehow ironic that there is a price to pay even in the ‘free’ version, as they get away with your authentication token. The merchandise is actually you.”
The follower websites are also loaded with commercials for dubious games, torrents and software downloads, and some trick users with malvertising, the firm added.
The issue actually goes back to an earlier vulnerability, Bitdefender noted.
“In April 2013, a research team discovered the Twitter OAuth feature in the application programming interface (API) can be abused to hijack accounts,” explained Bitdefender researcher Bianca Stanescu, in a blog. “Access tokens allow scammers to perform several actions through the Twitter API without a password. Attackers may post new tweets on behalf of the hijacked accounts, read and send private messages, and change users’ location without their knowledge.”
Users who were tricked by this most recent follower scam should uninstall TweetDeck and reauthorize it. They should also run a security scan to check for malware on all the devices they used to log into Twitter.
Bitdefender said that it has reported the scam to the micro-blogging company.