Security researcher Adam Sculthorpe today released details of a large, sophisticated attack being referred to as Vanity Phishing due to the way the malware payload is delivered.
Unlike email phishing, the attack targets users searching for their own name or Twitter handle on Google and other search engines.
The attack attempts to steal Twitter login credentials and to deliver a number of payloads in several different ways.
The vanity phishing system is deployed to a compromised web server that's already indexed in Google. A set of scripts is then executed to create a unique web page for each targeted user.
Landing pages are stuffed with Google-friendly metadata and optimized for the target's Twitter name and handle.
These malicious pages get indexed in Google very quickly, within a few hours of creation.
The content of the pages speaks directly to the targeted Twitter account holder, hence “vanity phishing”. The call-to-action varies, but its aim is to gain access to the Twitter account email, username and password.
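For a site owner checking whether their own server is hosting such pages, here is an added example (not from the researcher's report) that flags HTML files whose title and meta tags repeat a single Twitter handle and whose body asks for a password. The `min_hits` threshold, the function names and the sample pages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

HANDLE = re.compile(r"(?<![\w.])@[A-Za-z0-9_]{1,15}\b")  # shape of a Twitter handle
class PageFeatures(HTMLParser):
    """Collects <title> and <meta> text; notes whether the page has a password field."""
    def __init__(self):
        super().__init__()
        self.meta_text, self.in_title, self.has_password = [], False, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() in ("description", "keywords"):
            self.meta_text.append(a.get("content") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        self.in_title = self.in_title and tag != "title"

    def handle_data(self, data):
        if self.in_title:
            self.meta_text.append(data)

def score_page(html):
    """Return (most repeated handle in title/meta, its count, has_password)."""
    p = PageFeatures()
    p.feed(html)
    counts = Counter(h.lower() for h in HANDLE.findall(" ".join(p.meta_text)))
    handle, hits = counts.most_common(1)[0] if counts else (None, 0)
    return handle, hits, p.has_password

def suspicious_pages(pages, min_hits=2):
    """pages maps path -> HTML. Flag pages that repeat one handle and ask for a password."""
    scored = {path: score_page(html) for path, html in pages.items()}
    return {p: h for p, (h, hits, pw) in scored.items() if hits >= min_hits and pw}

SAMPLE_PAGES = {  # constructed sample pages, not taken from the report
    "/p/example_user.html": '<title>@example_user: a message for you</title>'
        '<meta name="description" content="Notice for @example_user on Twitter">'
        '<meta name="keywords" content="@example_user, Example User">'
        '<form><input type="text" name="u"><input type="password" name="p"></form>',
    "/blog/post.html": '<title>Our weekly post</title>'
        '<meta name="description" content="Follow us at @example_shop"><p>Hello</p>',
    "/login.html": '<title>Sign in</title><form><input type="password" name="p"></form>',
}
```

Run over the files in a web root, a batch of flagged paths that each name a different handle is the pattern worth investigating.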
So far this attack seems to be focused solely on Twitter, but there are likely other variants targeting other social platforms.
For updates follow @asculthorpe on Twitter.