Fake anti-virus attack spreads on Twitter via goo.gl links

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack.

A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google’s equivalent to bit.ly or tinyurl), which itself points to a URL ending with “m28sx.html”.

Although most affected Twitter users appear to be oblivious to what has occured, a few have noticed the messages, and suspected a security breach.

If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer. You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems.

Sophos is adding detection of the malware as…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.