The rogue Twitter app is known as Profile Spy and gets installed by people who are tricked into believing it can tell them who has been viewing their online microposts. “Wow! See who viewed your twitter with Profile Spy,” the come-on reads.
Those who click on the link are asked to allow the app to access and update their account data. Once they do so, they are presented with an unending series of popups for online surveys and ads promoting car insurance, long distance services and games, according to Errata Security CEO Rob Graham, who blogged about the worm on Monday.
Suckers will also find two new posts added to their tweet stream: one that claims to say how many people have viewed the user’s profile over the past day and the aforementioned tweet attempting to trick others into installing the rogue app.
Based on Twitter searches, the scam has generated plenty of posts, though at time of writing, most Tweets appeared to be warning others not to fall for the scam. Similar scams have been hitting Facebook for weeks now.
Those who fall for the scam are advised to revoke Profile Spy’s access to their account data. To do so, go to Profile > Edit your profile > Connections and click the button that says Revoke Access