Twitter malware campaign with a banking Trojan and keylogger combo

A malware campaign that uses fake Twitter accounts and sends out messages marked with popular hashtags, containing the text “haha this is the funniest video ive ever seen” and a malicious shortened link, is underway.

The messages pop-up when users search for trending topics. The shortened links in the messages all point to a web page that hosts a Java exploit whose goal is to drop a keylogger/banking Trojan on the visiting computer.

The source code of the page reveals the attack:

F-Secure’s Mikko Hypponen advises everybody who doesn’t need Java in their browser to disable it, making this kind of attacks miss their mark.

Share this
You are reading

Twitter malware campaign with a banking Trojan and keylogger combo