ESET is an IT security company headquartered in Bratislava, Slovakia has recently launched the alert for a new threat, called Android / Twitter consisting of a backdoor with the ability to download other malware to an infected machine.
Beware! First Twitter-controlled Android Botnet Discovered
ESET launches the alert for a new threat, called Android / Twitter consisting of a backdoor with the ability to download other malware to an infected machine.
This malicious app can be easily found in any Android application store and spreads via SMS or malicious URLs. It appears as an app like “Porn Player” or MMS application, but without their functionality.
After released, hiding its presence in the system and contact the pre-selected Twitter account at regular intervals for command lines. Based on these, so it can easily download other infected applications or change the C & C ( command & control ) a Twitter account to another.
Lukas Stefanko, ESET’s malware analyst who discovered this malicious app, says that “the new threat use Twitter instead of C & C servers which are extraordinarily innovative for an Android botnet.”
The malware that enslaves devices to form botnets has to be able to receive updated instructions. As we all know that communication has always been an Achilles heel for any botnet that can raise suspicions and eliminate bots, which is always lethal to the operation of any botnet. Additionally, if the C & C servers are caught by the authorities, the action may lead to the disclosure of information about the entire botnet.
To strengthen communication of the botnet Twitter, the botnet designers have taken several steps to encrypt its messages using complex network topologies C & C or through the use of innovative media, among which stands out the use of social networks.
These communication channels are difficult to find and even more problematic to block permanently. On the other hand, it is very easy for the criminals to redirect communications to another and finish creating the account.
Within the Windows system, Twitter (founded in 2006) was initially used to control botnets (since 2009). Some Android bots were also discovered that were being controlled by other non-traditional media blogs or some of the cloud messaging systems such as Google or Baidu but Twitter is the first Twitter-based malware. Lukas Stefanko adds that “we can expect in the near future, these criminals can use the status of Facebook, Linkedin or other networks.”
Currently, the Twitter trojan was downloading various versions of online banking malware. However, the botnet operators can start distributing other types of malware, including ransomware, at any time, warned Stefanko.
“The Twitter serves as another example of how cybercriminals continue to innovate their business,” said the analyst. “The conclusion? Internet users must use increasingly better security solutions for both their computers and for mobile devices”.