WARNING: Twitter DMs Promise Facebook Videos Featuring Users, But Deliver Malware

By David Cohen 

Facebook and Twitter may be playing nice, but the two social networks are also being combined to spread malware, with Twitter direct messages claiming to contain links to Facebook videos featuring the recipients.

Sophos’ Naked Security blog reported that “a variety” of Twitter DMs containing such messages has been discovered of late, but while the bait may be different, the result is the same: Users who click on the links are directed to a page that resembles a video player, with the message, “An update to Youtube player is needed,” along with promises to update Flash Player 10.1.

According to Naked Security, the file users are prompted to download, FlashPlayerV10.1.57.108.exe, is actually backdoor Trojan horse Troj/Mdrop-EML, which has the ability to copy itself to accessible drives and network shares.

Naked Security said it is not yet clear how users’ Twitter accounts are being compromised to send the DMs, as Twitter DMs can only be sent between users of that social network who follow each other, which makes these spam messages more dangerous, as they appear to come from trusted users.

Readers: Have you received any suspicious Twitter DMs that claim to contain links to Facebook videos?

Warning image courtesy of Shutterstock. Screen grabs courtesy of Naked Security.