Tuesday, December 18, 2018

Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.

What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator. The researchers found two tweets that used steganography to hide “/print” commands in the meme images, which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots — 10/10 points for creativity, that’s for sure.

The researchers said that memes uploaded to the Twitter page could have included other commands, like “/processos” to retrieve a list of running apps and processes, “/clip” to steal the contents of a user’s clipboard and “/docs” to retrieve filenames from specific folders.

The malware appears to have first appeared in mid-October, according to a hash analysis by VirusTotal, around the time that the Pastebin post was first created.

But the researchers admit they don’t have all the answers, and more work needs to be done to fully understand the malware. It’s not clear where the malware came from, how it infects its victims or who’s behind it. It’s also not clear exactly what the malware is for — or its intended use in the future. The researchers also don’t know why the Pastebin post points to a local, non-internet address, suggesting it may be a proof-of-concept for future attacks.

Although Twitter didn’t host any malicious content, nor could the tweets result in a malware infection, it’s an interesting (although not unique) way of using the social media site as a clever way of communicating with malware.

The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.

After Trend Micro reported the account, Twitter pulled the account offline, suspending it permanently.

It’s not the first time malware or botnet operators have used Twitter as a platform for communicating with their networks. Even as far back as 2009, Twitter was used as a way to send commands to a botnet. And, as recently as 2016, Android malware would communicate with a predefined Twitter account to receive commands.



from TechCrunch https://ift.tt/2Erz8Vq

Related Posts:

  • LATEST TECHNOLOGY NEWSA robot that matches its ping pong-playing skill level to its human opponent's is on show at CES. from BBC News - Technology http://ift.tt/2CUnv5P … Read More
  • LATEST TECHNOLOGY NEWSScientists are learning how to predict deadly mudslides. (After fires, when enough rain comes.) The next step: Figuring out how bad they’ll be. from Feed: All Latest http://ift.tt/2Dmq5CI … Read More
  • LATEST TECHNOLOGY NEWSA quirk of video compression lets spy targets see what the drone watching them sees. from Feed: All Latest http://ift.tt/2mn8NgB … Read More
  • LATEST TECHNOLOGY NEWSAs we wrap up at CES 2018, here's a peek into the massive gadget show through the lens of WIRED photographer Amy Lombard. from Feed: All Latest http://ift.tt/2EBLI1j … Read More
  • LATEST TECHNOLOGY NEWSNow the automaker must prepare for the age of the truly driverless car. from Feed: All Latest http://ift.tt/2mkhDvD … Read More

0 comments:

Post a Comment

Followers

Contact Form

Name

Email *

Message *

Popular Posts

FOLLOW BY EMAIL

Enter your email address:

Delivered by FeedBurner