Compromised Twitter accounts have been used to post links to an exploit portal that poses as a download site for an update to TweetDeck, the popular micro-blogging client software package.
Malware lures pose as messages such as "Critical tweetdeck update Bank Holiday", a reference to a national holiday in the UK that may suggest the miscreants behind the ruse are based in Britain, net security firm Sophos notes.
Twitter is in the process of resetting the passwords of presumably compromised accounts distributing the dangerous links, which expose visitors to possible infection by Trojan horse malware.
Meanwhile TweetDeck - which has not issued an update - reiterated its standing advice that users should visit its website for patches. By default, TweetDeck updates are offered automatically following the publication of a security or stability update to the software, on Macs at least. ®