Aug 12, 2011 15:56 GMT

Security researchers warn of a new Twitter phishing attack luring users with a rogue application that promises to show them who their stalkers are on the site.

The spam messages posted from already compromised accounts read: "Twitter finally released an app that tracks your 'Stalkers' get it here [link]"

Clicking on the link takes users to an external page where they are asked to give an app called StalkTrak access to their Twitter profile.

The app's description claims that it can view who is stalking your Twitter, read tweets from your timeline, see who you follow and follow new people, update your profile, post tweets for you, and access your direct messages.

That is an extensive set of permissions, the first of which is obviously fake, because Twitter doesn't have any stalking-related features.

"If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages, send messages (perhaps spam-related or containing malicious links) to your followers," warns Sophos security expert Graham Cluley.

So-called stalker apps that can determine who viewed a user's profile most often have long been used as a lure in Facebook scams.

This is not the first time such apps have been used to trick Twitter users either. Back in April, an app called "Profile Spy", which claimed to have much of the same functionality, spread virally on the microblogging site.

Other fake apps spotted on Twitter included one to count unfollowers and one to count the total time spent on the site. All of them were part of malicious scams. People who fell for this latest attack are advised to change their passwords on Twitter as well as on any other services where they might have used them.