The scheme is designed to steal credentials and spread malware
The malicious Facebook app called “Twitter Video” is back. However, this time it’s spread via Twitter direct messages (DMs) that read: “what on earth could you be doing in our movie.”The scam is very similar to last time. The DMs contain a link which points to a Facebook app that urges users to hand over their Twitter credentials in order to use the “Twitter Video” application.
After they enter their usernames and passwords, victims are taken to a fake YouTube video page where they’re prompted to install YouTube Player.
The “player” is actually a piece of malware. However, according to GFI Labs experts, the malicious element doesn’t have anything to do with the Umbra botnet (as last time) and it’s not designed to communicate over the Web or steal information.
Either way, users are advised to steer clear of such direct messages since they not only end up handing over their Twitter accounts to crooks, but they also infect their computers with a piece of malware.