The recent announcement made by Twitter regarding the switch from basic access authentication to OAuth open protocol on the Twitter API proved to be a godsend to malware peddlers.
Developers of many applications that will be affected by the switch have rushed to push out an update and to notify users of the release, but Twitter users that utilize TweetDeck have been targeted by online criminals trying to infect as many computers as possible.
According to Sophos, tweets such as “Hurry up for tweetdeck update!” and “Sorry for offtopic, but it is a critical TweetDeck update. It won’t work tomorrow!” containing a shortened URL where the supposed update could be found were actually posted from hacked Twitter accounts, and the link pointed to a Trojan.
Twitter has notified users that they are resetting the passwords of those compromised accounts and warning users not to fall for the scam.