Profile Spy rogue application spreads virally on Twitter

Twitter users are once again finding themselves on the receiving end of an attack more often experienced by their Facebook-using cousins: a rogue application attack spreading virally across the network.

Thousands of Twitter users have fallen into the trap of allowing a third party application called “Profile Spy” to access their Twitter accounts, after believing that they would be able to find out who has been viewing their tweets.

Wow! See who viewed your twitter with Profile Spy

Wow! See who viewed your twitter with Profile Spy [LINK]

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, there’s no such way to tell who has been reading your Twitter posts – but that hasn’t stopped thousands and thousands of Twitter users from clicking on the link, and granting “Profile Spy” permission to post messages from their account.

Rogue app requests permission to access your Twitter account

If you are foolhardy enough to allow the app to continue, you’ll find that you are instantly tweeting out messages to your Twitter followers, encouraging them to also click on the link.

Twitter account compromised by rogue application

In this way, the scam spreads virally and very quickly across the network.

The motive for the scam is, unsurprisingly, to make money for the scammers behind it. They pop-up a survey and demand that you complete it before they will reveal details of who has been viewing your Twitter messages.

Twitter survey scam

Hopefully by now all of your alarm bells will be ringing, but if you do continue to complete the survey you will be helping the scammers earn commission.

If you were unfortunate enough to grant the Profile Spy app access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke rogue application

Don’t encourage the bad guys to distribute scams like this, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.