Acai Berry spammers hack Twitter accounts to spread adverts

Hundreds of innocent user’s accounts on the Twitter micro-blogging service appear to have been hacked by spammers.

A typical message posted on the compromised accounts will say something similar to the following:

Howdy my friend! I just lost 13 pounds in 12 days. It only costs me $5. Take a look at this: http://[random].cn

Examples of Acai Berry spam on Twitter

Sign up to our free newsletter.
Security news, advice, and tips.

If you do click on the link you get taken to a website with a .cn tld (top level domain) like the following:

One of the websites set up by the spammers

Some victims of this latest Twitter hack attack are noticing that their account is sending Acai Berry spam, however. Take this example, for instance, where the user has apologised for the security breach on his account:

Twitter account abused by Acai Berry spammers

The question is – how have these accounts on Twitter been hacked? At the moment, that’s not clear. But what is evident is that users need to take more care with their Twitter passwords.

If your account on Twitter has been compromised, make sure you change your password to a non-dictionary word – and be sure to also change any other online accounts where you might be using the same password. Far too many people use the same passwords on multiple sites, which obviously increases your chances of becoming hacked.

Not sure how to choose a password that’s memorable but also hard for the hackers to guess? Watch this video:

[youtube=http://www.youtube.com/watch?v=VYzguTdOmmU&w=500&h=308&rel=0]

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.