Flawed Twitter code present in thousands of iOS apps makes users vulnerable to man-in-the-middle attacks. As a result, attackers can hijack Twitter accounts and compromise other apps linked to the "login with Twitter" feature. Once "inside", they can post to the target's Twitter account, read past private messages and retweet the tweets of other users. At fault is a flawed Twitter API which, although replaced by Twitter a year ago, is still used in 45 of the most popular iOS mobile apps in Germany and thousands of others worldwide.
A victim of the Muhstik ransomware strain hacked the attackers and released 2,858 decryption keys, as well as a free decryptor.