Tuesday, December 18, 2018

Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.

What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator. The researchers found two tweets that used steganography to hide “/print” commands in the meme images, which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots — 10/10 points for creativity, that’s for sure.

The researchers said that memes uploaded to the Twitter page could have included other commands, like “/processos” to retrieve a list of running apps and processes, “/clip” to steal the contents of a user’s clipboard and “/docs” to retrieve filenames from specific folders.

The malware appears to have first appeared in mid-October, according to a hash analysis by VirusTotal, around the time that the Pastebin post was first created.

But the researchers admit they don’t have all the answers, and more work needs to be done to fully understand the malware. It’s not clear where the malware came from, how it infects its victims or who’s behind it. It’s also not clear exactly what the malware is for — or its intended use in the future. The researchers also don’t know why the Pastebin post points to a local, non-internet address, suggesting it may be a proof-of-concept for future attacks.

Although Twitter didn’t host any malicious content, nor could the tweets result in a malware infection, it’s an interesting (although not unique) way of using the social media site as a clever way of communicating with malware.

The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.

After Trend Micro reported the account, Twitter pulled the account offline, suspending it permanently.

It’s not the first time malware or botnet operators have used Twitter as a platform for communicating with their networks. Even as far back as 2009, Twitter was used as a way to send commands to a botnet. And, as recently as 2016, Android malware would communicate with a predefined Twitter account to receive commands.



from TechCrunch https://ift.tt/2Erz8Vq

Related Posts:

  • LATEST TECHNOLOGY NEWS Before you watch The Silence trailer Netflix just released, we'll tell you that the plot looks strikingly similar to A Quiet Place. In both, the world is under attack from creatures who hunt prey by sound, and one family ove… Read More
  • LATEST TECHNOLOGY NEWS Just after the Christchurch shooting I came across an article explaining how to make your Twitter, Facebook and YouTube accounts block violent videos. How-tos like this are depressingly necessary, because while Facebook remo… Read More
  • LATEST TECHNOLOGY NEWS Sega isn't stopping the international release of Judgment despite halting Japanese sales over a voice actor's arrest for cocaine use. The company has confirmed that Ryu Ga Gotoku's PS4 legal drama is still coming to the West… Read More
  • LATEST TECHNOLOGY NEWS Sony is reportedly getting ready to pull up some of its stakes in the smartphone business. According to Nikkei Asian Review, the major tech manufacturer is planning to cut up to half of its smartphone workforce by 2020. The … Read More
  • LATEST TECHNOLOGY NEWS You knew Texture wasn't long for this world once Apple News+ arrived -- and sure enough, the end is in sight. Texture has warned subscribers that its all-you-can-read magazine service will end on May 28th, 2019. You'll have … Read More

0 comments:

Post a Comment

Followers

Contact Form

Name

Email *

Message *

Popular Posts

FOLLOW BY EMAIL

Enter your email address:

Delivered by FeedBurner