Yesterday I spotted a new Twitter phishing campaign. The attack is quite common: attackers use compromised Twitter accounts to spread phishing links. Examples:

[Image: phishing tweets]

There’s nothing awesome or funny behind the “blog” links – just a standard Twitter phishing site like the one below:

[Image: hacked phishing site]

The attack is currently over. The phishing sites do not work, because they try to send the stolen credentials to blogh0st.altervista.org, which has been suspended.

Some remarks:

  • It seems the attack started on July 17-18th by using a compromised account with over 200K followers. This account is verified by Twitter
  • The compromised accounts were used to spread spam as well
  • Not all phishing is visible: DMs have become a popular way of spreading malicious links
  • The phishing sites seem to be victims in this attack as well: they are all hacked

I found over 50 websites that were apparently turned into phishing baits. Most of them work normally; only the /blog URL is malicious. You can find the full list on GitHub. If you know any of the site admins, please let them know. The attack may resume unless these websites are cleaned up and fixed.

In case your Twitter account has been compromised: https://support.twitter.com/articles/31796-my-account-has-been-compromised