Indian copycat version of Twitter, Koo, has recently been ravaged by a virus that could have exposed its hundreds of users to attacks across the platform.
The virus was discovered by security researcher Rahul Kankrale in July, and by Prasoon Gupta, an independent security researcher.
In an interview with The Hacker News, Mr Gupta explained that the virus came from the way Koo processes access tokens when a user’s profile is verified through the one-time password (OTP) sent to their phone number.
The virus allows malicious scripts to be embedded directly into the application. This way, an attacker can perform actions on behalf of users such as accessing web browser cookies.
This also means that hackers could place sensitive data such as private messages, or spread misinformation, or display spam using users’ profiles.
This virus stands to affect the accounts of top government functionaries, presidential aides, agencies, and other pro-government individuals who have taken to Koo.
Koo, launched in November 2019, positioned itself as a government-friendly alternative to Twitter after the Buhari regime indefinitely banned Twitter for deleting a tweet by the president threatening to punish secessionists in the South-East region of the country.
The federal government demanded that all social media platforms operating within the country must register as a business entity locally. These were the same conditions that were laid down for the lifting of the ban on Twitter.
The Nigerian government abandoned its Twitter account, which had over a million followers, for the Indian copycat version known for promoting hate and anti-Muslim rhetoric.
The Buhari regime’s adoption of the social media app has boosted Koo’s standing, with the platform recently featuring Mr Buhari in its advertisements, claiming to offer exclusive access to Nigeria’s president.