Shaun of the Dead, Hot Fuzz and Paul actor Simon Pegg has admitted his Twitter feed was hijacked at the weekend to distribute login-stealing malware to an unknown number of his 1.23 million followers.
On 26th June, a tweet suddenly appeared on his feed imploring users to “Download the new ‘Paul’ Sceen [sic] Saver after download right click and press test to install,” which possibly hundreds of them proceeded to do.
Posted via Twitter for BlackBerry, the Screensaver.exe file turned out to be a Windows bank login-stealing Trojan, identified by security company Sophos as a new variant, Troj/VBBanker-A.
“Some ****er has hacked my account. I did not post any Paul screensaver. DO NOT DOWNLOAD IT. Will get back to you,” tweeted an indignant Pegg after users had reported alarms from antivirus software.
He later added, “I'm sorry some feckless little ****-weasel piggy backed my account to spread his/her twatty arsed computer virus and to the perp,*** you!!.”
Judging from enthusiastic tweets in the hours after the screensaver-malware was posted to his feed, some users might not have grasped that the file contained a Trojan and could still be at risk.
The use of celebrities on Twitter to push malware and links is nothing new, with one report dating a huge rise in malevolence on the service to a period in 2009 when many well-known public figures joined.
Earlier this year, the account of Ashton Kutcher was hijacked after his login session key was sniffed via Wi-Fi, which led Twitter to enable HTTPS security as a defence.