As many as 3,200 mobile apps expose their developers’ Twitter account login credentials to the public: cyber criminals could exploit them to take control of the accounts and turn them into bots for carrying out illicit activities.
Over 3200 apps affected
Cybersecurity specialist CloudSEK has issued an alert about more than 3,200 iOS and Android apps that cyber criminals could exploit to gain access to developers’ Twitter accounts and build an army of bots.
During the penetration testing phase of online apps, authentication keys or tokens are inserted into the code to speed up developers’ work. However, CloudSEK found that in more than 3,000 Android apps these login credentials were not removed before the apps were published in the official Apple and Google stores.
As a result, the apps, and with them the authentication keys, are publicly visible, and cyber criminals could use those keys to gain control of Twitter accounts. Some of these apps exceed 5 million downloads.
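As an added, defender-side illustration (not code from CloudSEK or from the article), the following Python check scans an Android strings.xml for entries that look like Twitter API credentials before a build is published; the resource names, the placeholder values and the token length patterns are assumptions.

```python
import re

# Shape heuristics for Twitter API credentials. The lengths are assumptions
# based on the usual token formats, not something stated in the article.
VALUE_SHAPES = {
    "consumer key": re.compile(r"^[A-Za-z0-9]{25}$"),
    "consumer secret": re.compile(r"^[A-Za-z0-9]{50}$"),
    "access token": re.compile(r"^\d{5,}-[A-Za-z0-9]{30,}$"),
    "access token secret": re.compile(r"^[A-Za-z0-9]{45}$"),
}
# Resource names that suggest a credential was left in the build.
NAME_HINT = re.compile(r"(twitter|oauth|consumer).*(key|secret|token)", re.I)
STRING_RE = re.compile(r'<string name="([^"]+)">([^<]*)</string>')

def find_twitter_credentials(strings_xml: str) -> list[tuple[str, str]]:
    """Return (resource_name, reason) for every entry that looks like a
    Twitter credential, flagged either by its name or by its value shape."""
    findings = []
    for name, value in STRING_RE.findall(strings_xml):
        value = value.strip()
        if NAME_HINT.search(name):
            findings.append((name, "name suggests a Twitter credential"))
            continue
        for label, shape in VALUE_SHAPES.items():
            if shape.fullmatch(value):
                findings.append((name, f"value shaped like {label}"))
                break
    return findings

def release_build_is_clean(strings_xml: str) -> bool:
    """Pre-publish gate: True when no credential-like entries remain."""
    return not find_twitter_credentials(strings_xml)

# Constructed sample shaped like an Android strings.xml; values are placeholders.
SAMPLE_STRINGS_XML = f"""
<string name="app_name">DemoTweetClient</string>
<string name="twitter_consumer_key">{'k' * 25}</string>
<string name="twitter_consumer_secret">{'s' * 50}</string>
<string name="tw_tok">1234567890-{'t' * 40}</string>
<string name="api_cred_2">{'x' * 45}</string>
<string name="support_email">support@example.com</string>
"""

if __name__ == "__main__":
    for name, reason in find_twitter_credentials(SAMPLE_STRINGS_XML):
        print(f"{name}: {reason}")
    print("clean" if release_build_is_clean(SAMPLE_STRINGS_XML) else "credentials found")
```

The two entries with neutral names are still caught by value shape, which is why a check should not rely on naming alone.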
Misusing Twitter Accounts
Cyber criminals could then access the Twitter accounts of users who have installed these apps on their devices and carry out unintended actions on behalf of unsuspecting users. For example, attackers could read messages, remove followers, add likes, delete tweets or retweet, follow other accounts, and change settings.
It would even be conceivable to create an army of bots to spread misinformation and malware, carry out cyber scams, and send phishing emails or text messages to steal personal information.
The advice that always applies remains the same: avoid downloading unnecessary apps, because each one extends the attack surface.