Drive-by exploit writers have been spotted using a popular Twitter command to send web surfers to malicious sites. According to researcher Denis Sinegubko, it s being added to heavily obfuscated redirection scripts injected into websites. The scripts, which redirect victims to drive-by websites that attempt to exploit unpatched vulnerabilities in programs such as Apple’s QuickTime, are being used to exploit vulnerabilities in apps such as Twitter apps and iOS software. State-sponsored actors may have been behind the social media abuse.
Source: https://threatpost.com/twitter-api-being-exploited-drive-malware-111209/73085/