Fake TweetDeck update preys on Twitter users

Graham Cluley
Graham Cluley
@[email protected]

TweetDeck upside-down icon
It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day.

But it appears that at least one bunch of criminals weren’t resting on their laurels as they spread links pointing to what they claimed was an update to the popular Twitter client, TweetDeck.

  • Hurry up for tweetdeck update!
  • Update TweetDeck! Bank Holiday
  • Critical tweetdeck update Bank Holiday
  • Sorry for offtopic, but it is a critical TweetDeck update. It won’t work tomorrow!

Tweet pointing to fake TweetDeck update

The tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck. Instead, unsuspecting users are putting themselves at risk of infection by a Trojan horse which Sophos detects as Troj/Agent-OOA.

Sign up to our free newsletter.
Security news, advice, and tips.

TweetDeck has reminded its users that they should only download updates from its official website.

It’s possible that the malicious hackers who spread the attack are taking advantage of Twitter ceasing support for basic authentication in their API today, meaning users have to be using a Twitter client which uses OAuth.

Regarding this particular attack, Twitter says it is resetting the passwords of accounts that it has seen distributing the dangerous link.

It’s curious seeing the mention of the Bank Holiday in the malicious tweets. I wonder how many people outside the UK were aware it was a public holiday here yesterday? TweetDeck itself is a British company, and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK.

This isn’t the first time that the folks at TweetDeck have found themselves in the gunsights of the bad guys. Earlier this month they warned that a fake TweetDeck app had been uploaded to the Android Market.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.