Twitter – Criminal Hackers' New Cash Cow
Twitter, one of the most popular social media websites on the Internet, has unwittingly become a cash cow for criminal hackers. The platform features in the latest hacking news for 2022: according to a new report, a group of Internet security specialists has found a malware campaign against Twitter. So far, the reported malware has been flooding the devices of Twitter users.
The Twitter security hack shows that the hackers have figured out how to use images linking to malicious QR codes to enrich themselves by infiltrating the devices of dedicated Twitter users. Reportedly, the malicious QR codes plaguing Twitter users have been shown to download fraudulent extensions for the Google Chrome browser.
Karsten Hahn and his team of cyber investigators found the malware and have recorded their findings in a blog post titled "Malicious QR Codes On Twitter Elaborating". According to the detailed blog post, Hahn states that the research detected the spread of the malware as its malicious QR codes flood Twitter.
On further examination, the investigators noted that the hackers' end target was Google's Chrome browser. Reportedly, the criminal hackers created fake extensions for the Chrome browser.
The hackers use attractive images to draw the attention of Twitter users, and when the targeted images are clicked, the advert, disguised as an ISO file, duplicates and spreads its malicious QR codes. However, the ISO file is modified so that it does not deliver the advertised program but instead serves as the loader for the malware created by the hackers.
Twitter Flooded with Malware
The cyber security team found that the ISO file contains two main parts: _meta.txt, which holds a PowerShell script, and downloader.exe. As for their roles, _meta.txt contains a PowerShell script scrambled with a substitution cipher, and downloader.exe is a .NET assembly.
In addition, downloader.exe includes a very large dictionary of replacement letters, which it uses to unscramble the PowerShell script in _meta.txt. The PowerShell script runs at regular 10-second intervals under the name ChromeTask.
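A triage check for the ISO layout described above, as an added example that is not from the original report or the researchers: it lists the root directory of an ISO 9660 image and flags one that holds both _meta.txt and downloader.exe. It assumes both files sit in the image's root directory and reads only the primary volume descriptor (no Joliet or UDF); the function names and the constructed sample image are hypothetical.

```python
import struct

SECTOR = 2048
# The two file names the article reports inside the ISO (weak indicators on their own).
LOADER_FILES = {"_meta.txt", "downloader.exe"}

def iso_root_files(image: bytes) -> set[str]:
    """Lower-cased file names in the root directory of an ISO 9660 image."""
    pvd = image[16 * SECTOR:17 * SECTOR]            # primary volume descriptor
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor")
    lba, = struct.unpack_from("<I", pvd, 156 + 2)    # root directory extent
    size, = struct.unpack_from("<I", pvd, 156 + 10)  # root directory length
    directory = image[lba * SECTOR:lba * SECTOR + size]
    names, pos = set(), 0
    while pos + 33 < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:                             # padding up to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = directory[pos + 33:pos + 33 + directory[pos + 32]]
        if not directory[pos + 25] & 0x02:           # skip directories, ".", ".."
            names.add(name.decode("ascii", "replace").split(";")[0].lower())
        pos += rec_len
    return names

def matches_reported_layout(image: bytes) -> bool:
    return LOADER_FILES <= iso_root_files(image)

def _both(n: int) -> bytes:                          # ISO 9660 both-endian field
    return n.to_bytes(4, "little") + n.to_bytes(4, "big")

def _record(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:
    rec = (bytes(2) + _both(lba) + _both(size) + bytes(7) + bytes([flags, 0, 0])
           + b"\x01\x00\x00\x01" + bytes([len(name)]) + name)
    rec += b"\x00" * (len(rec) % 2)                  # records are even-length
    return bytes([len(rec)]) + rec[1:]

def build_sample_iso(names: list[str]) -> bytes:
    """Constructed test image: empty files, root directory in sector 18."""
    root = _record(b"\x00", 18, SECTOR, 2)
    entries = root + _record(b"\x01", 18, SECTOR, 2) + b"".join(
        _record(n.upper().encode() + b";1", 19, 0) for n in names)
    pvd = bytearray(SECTOR)
    pvd[0:7], pvd[156:190] = b"\x01CD001\x01", root
    term = b"\xffCD001\x01".ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + bytes(pvd) + term + entries.ljust(SECTOR, b"\x00")
```

A match on file names alone is a lead for further analysis, not a verdict.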
Additionally, as stated by the cyber investigators, the malicious Google Chrome extensions are downloaded by the PowerShell script. More specifically, these extensions have covert properties that help them avoid being uninstalled by affected users. Accordingly, if a person on an infected browser tries to open the extensions page, they are redirected elsewhere; for example, “chrome://extensions” redirects to “chrome://settings”.
However, the cyber security research team stated that while the malware has not shown any destructive behavior, it does run spam advertisements on infected devices. Above all, the malware's main purpose is to earn income for the hackers through unsolicited advertisements that target and hijack the Google Chrome browser.
In conclusion, Hahn and his research team also cautioned that malware loaders can over time evolve into devastating viruses, since criminal hacking groups are continuously working to develop more advanced malware.
As a precautionary measure, the cyber analysts advised that Twitter users in particular should avoid downloading pirated files and try not to click on images that show QR codes.