
Twitter API keys that enable account takeover are being exposed by over 3,200 mobile apps

Cybersecurity researchers at the security firm CloudSEK recently identified 3,207 mobile apps that expose the Twitter API keys of ordinary users, and in doing so hand attackers an easy way to hijack the Twitter accounts connected to these apps.

Just how dangerous this is should be clear: as long as people remain unaware that these apps leak keys, no connected Twitter account can be considered safe.

Twitter API keys

If you use an Android phone, you should also know that Alienbot and MRAT are dangerous malware-spreading apps that have been found on Google's Play Store. These apps are fully under the attacker's control and are used to hijack verified Twitter accounts without difficulty.

With this in mind, CloudSEK's analysts examined a large number of applications for signs of a potential data leak, and as a result obtained thousands of valid user keys and user secrets for the Twitter API.

Here is what actually happens. Whenever developers integrate Twitter into a mobile application, a special authentication key or token is used to let the app interact with the Twitter API; without that key or token, the application cannot talk to the Twitter API at all.

Whenever a mobile user connects their Twitter account to such an app, that same key lets the app act on the user's behalf: logging in to Twitter, tweeting, sending private messages and so on. This is precisely why the secret keys, which only the user should know, are so attractive to attackers who manage to obtain them and then misuse them.

These secret keys are leaked through a mistake, knowing or unknowing, on the part of the people building the app. CloudSEK's analysts report that the keys leak because they are not removed before the product is released, which is why the credentials end up stored inside the mobile application at the following locations:

resources/res/values/strings.xml
source/resources/res/values-es-rAR/strings.xml
source/resources/res/values-es-rCO/strings.xml
source/sources/com/app-name/BuildConfig.java
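As an added example (not code from CloudSEK or from this article), the following Python scanner can be run by a developer or app-security reviewer over a decompiled build to catch credentials left in the locations listed above before release; the decompiler layout, the name and length heuristics, and the sample file contents are assumptions or constructed for the demonstration.

```python
# Added example: scan decompiled Android app files for hard-coded Twitter API credentials.
import re
import xml.etree.ElementTree as ET

# Resource/constant names that typically carry Twitter credentials (heuristic, an assumption).
NAME_PATTERN = re.compile(r"(consumer|api|access|twitter).*(key|secret|token)", re.IGNORECASE)
# Java constant as emitted in BuildConfig: public static final String NAME = "value";
JAVA_CONST = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"')

def _looks_like_secret(value: str) -> bool:
    # Skip empties and placeholders; real keys are long opaque strings (length threshold assumed).
    return len(value) >= 20 and re.fullmatch(r"[A-Za-z0-9_\-]+", value) is not None

def scan_strings_xml(path: str, text: str) -> list:
    # <string name="..."> entries in res/values*/strings.xml, one of the leak locations named above.
    findings = []
    for node in ET.fromstring(text).iter("string"):
        name, value = node.get("name", ""), (node.text or "").strip()
        if NAME_PATTERN.search(name) and _looks_like_secret(value):
            findings.append({"path": path, "name": name})
    return findings

def scan_build_config(path: str, text: str) -> list:
    # Gradle copies buildConfigField values into BuildConfig.java, another leak location.
    findings = []
    for name, value in JAVA_CONST.findall(text):
        if NAME_PATTERN.search(name) and _looks_like_secret(value):
            findings.append({"path": path, "name": name})
    return findings

def scan_app(files: dict) -> list:
    # files maps path -> text as laid out by a decompiler (apktool/jadx-style layout assumed).
    findings = []
    for path, text in files.items():
        if path.endswith("strings.xml"):
            findings.extend(scan_strings_xml(path, text))
        elif path.endswith("BuildConfig.java"):
            findings.extend(scan_build_config(path, text))
    return findings

# Constructed sample of a decompiled app; the credential values are fake placeholders.
SAMPLE_APP = {
    "resources/res/values/strings.xml": (
        '<resources><string name="app_name">DemoApp</string>'
        '<string name="twitter_consumer_key">CONSTRUCTEDkey0123456789abc</string>'
        '<string name="twitter_consumer_secret">CONSTRUCTEDsecret0123456789abcdefghijklmnopqrs</string></resources>'),
    "source/sources/com/app-name/BuildConfig.java": (
        'public final class BuildConfig {\n  public static final String VERSION_NAME = "1.0";\n'
        '  public static final String TWITTER_ACCESS_TOKEN = "CONSTRUCTEDtoken0123456789abcdefghij";\n}\n'),
}
```

Running `scan_app(SAMPLE_APP)` flags the two strings.xml entries and the BuildConfig constant while ignoring `app_name` and `VERSION_NAME`; a non-empty result is the signal to move the credential out of the build and rotate it.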

CloudSEK's analysts recommend that everyone use API key rotation to protect user authentication keys: as soon as the secret key is changed, the previously saved key automatically becomes invalid and the account is completely safe again.


About the author

Christopher Edwards
