Twitter users are being warned to be on the lookout for an account hijacking attack called ‘StalkTrak’ that has taken a growing toll of victims on the social media site in the last week.
The attack appears as an apparently legitimate tweet from a Twitter follower followed with the message “I love this NEW App, it shows me who "stalks" my twitter!,” followed by a shortened URL link that launches a Twitter link requesting access to the user’s account.
As well as redirecting users to a domain, said by security site Stop Malvertising as having been registered in whois to a Chinese company as recently 15 July, victims are asked to log in to their Twitter accounts. This is a ruse to steal their account user name and password.
Anyone who goes beyond this point will have handed over their account to the scammers who will then be free to use it to in any way they choose, including locking the owner out. The application authorisation page makes at least some of the potential trouble clear, mentioning that the app will be able to “Read Tweets from your timeline, update your profile, post Tweets for you, access your direct messages.”
By 21 July, the domain associated with the scam link was no longer working.
As with so many such events on Twitter, the number of victims can only be estimated. A search on Twitter reveals a long list of the suspect tweets, suggesting that StalkTrak has caused significant nuisance before being blocked.
Twitter scams, usually simpler link retweeting attacks, have become a common occurrence, many of which find it easy to socially engineering victims on a service where too few users bother to ask questions. Celebrities have also found their accounts hijacked, morst recently actor Simon Pegg, whose feed was used to push malware.