
Tweets of fear used to spread malicious viruses online

5 February 2021


Cybercriminals are preying on emotions of fear to spread dangerous viruses and spyware across Twitter, new research has revealed.

Scientists from Cardiff University have shown, for the first time, that tweets containing malicious links are more likely to contain negative emotions, and that it is the content of the tweet that increases the likelihood of it being liked and shared, as opposed to the number of followers of the poster.

Cybercriminals are increasingly using this method, known as a ‘drive-by download attack’, hiding a malicious URL in an enticing tweet and using it as clickbait to lure users to a malicious Web page.

Once a user’s system is infected, sensitive information is exposed to unauthorised users and their machines can be used to carry out further attacks.

The team say the results show that even with Twitter’s security measures, malicious URLs can still be missed and that this gap is big enough to expose millions of users to malware over a short period of time.

They believe the new findings could be used to create a type of filter to help reduce the number of tweets fed into the detection software, thus increasing the chance of picking up dangerous tweets.

The new study has been published in the journal ACM Transactions on the Web.

As part of the study, the team analysed a random sample of around 275k tweets from a corpus of over 3.5m tweets that were sent during seven major sporting events – the 2014 FIFA World Cup, the 2015 and 2016 Super Bowls, the 2015 Cricket World Cup, the 2015 Rugby World Cup, UEFA EURO 2016 and the 2016 Olympics.

“Large sporting events are known to attract a huge number of social media users, giving cybercriminals an excellent opportunity to lure a large number of people to their malicious Web sites,” said lead author of the study Dr Amir Javed, from Cardiff University’s Centre for Cyber Security Research.

The team identified 105,642 tweets containing malicious URLs and 169,178 tweets containing benign URLs from this dataset, and then used sophisticated computer models to estimate how these tweets survived across the platform 24 hours after the sporting event.

Tweets that were classified as benign were more likely to spread if a user had a large number of followers and the tweet contained positive emotions such as “team”, “love”, “happy”, “enjoy” and “fun”.

However, the results showed that malicious tweets were not strongly associated with the number of followers of the poster and were more likely to spread when the content of the tweet contained negative emotions.

Tweets that reflected fear were 114% more likely to be retweeted, with words such as “kill”, “fight”, “shot” and “controversy” regularly included in tweets containing malicious URLs.

“These results suggest that cybercriminals are carefully selecting words to be included in their tweets, where a keyword could trigger an emotional arousal using negative emotions such as fear, anger, or sadness which would encourage people to share the tweet and click on the link,” continued Dr Javed.

“A similar association has been found between the content of fake news and emotions, where negative emotions were more likely to help propagate the fake news.”

Professor Pete Burnap, Director of the Centre for Cyber Security Research and member of the UK’s AI Council, commented: “This is another fantastic example of the work our team is doing to predict and control cyber attacks through innovations in artificial intelligence. We’re putting real world use at the heart of our research activity, and we hope our findings provide food for thought as people go about their everyday activities on social media.”
