Cybercriminals attempting to take advantage of Twitter users' curiosity over who visits their page are using a new form of bait that advertises the ability to track such visits.
The malware is being spread by spamming Twitter accounts with an ad claiming that the app, labeled "100 percent safe!", will track who visits your profile, according to Malwarebytes researcher Christopher Boyd. A victim who clicks on the ad is taken to the website checkvisitss(dot)tk, where they are asked to "connect with Twitter" using their account credentials, which takes them to the app install page.
The app asks for access to several important abilities, including reading tweets, updating your profile and seeing who comes and goes from the account.
What happens to a person who falls victim is not entirely clear. Boyd noted that the scam is being used by different groups, with some attempting to use their newfound access to put ads in place, and, although this has not been spotted, some actors might try to download malware onto the affected computer.
Luckily, right now, he said, “the main aggravation here is the knowledge that you installed something useless, and then started beaming said uselessness to all of your contacts. Not a great look, however you stack it.”
Boyd said the malware is easily removed, as it's just an app, so any victims can go to the Apps tab in Twitter via Settings and Privacy and revoke the app's access.