Twitter users might stumble upon direct messages (DMs), apparently coming from their friends, that read: lol ur famous now [Link]. This is part of a scheme that’s designed to advertise a shady Facebook app which leads to a nasty piece of malware. Read More ..
The link contains the word “FailVids,” most likely with the purpose of making victims believe that they ended up on a funny videos website.
Once the link from the DM is clicked, the victims are taken to a Facebook application page where they’re required to enter their Twitter credentials. By handing over their usernames and passwords, users are basically giving cybercriminals access to their accounts, allowing them to further advertise the shady app via direct messages.
But the scheme doesn’t end after the Sign In button is pressed. Internauts are taken to a website – woot.tweetelf.info – where a fake YouTube video window is displayed.