JavaScript Twitter injection launches Man-in-the-Browser attacks

Dana Tamir, Enterprise Security Director at Trusteer, has recently uncovered a variation of the TorRAT banking malware that has been configured to target Twitter users. Because this is a Man-in-the-Browser attack, the malicious code runs inside the victim's already-authenticated browser session rather than having to steal a password. The attack works by "injecting JavaScript code into the victim's Twitter account page", Tamir says, adding that the malware "collects the user's authentication token, which enables it to make authorized calls to Twitter's APIs, and then posts new, malicious tweets on behalf of the victim".

These tweets are used, of course, to spread the malware through the victim's social networking circle by leveraging the trust that is implicit in such networks. Twitter users, generally speaking, follow people and accounts that they trust. When one of these accounts is compromised by such an attack, it becomes quite easy to persuade followers to click through to drive-by malware pages, simply because of the level of implied trust invested in the original poster.