Twitter users aren't the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.
One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.
The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.
Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.
The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.
Lukas Stefanko, an ESET researcher, said in a Wednesday blog post that this was an innovative approach. It removes the need to maintain a command and control server, and the communications with the Twitter accounts can be hard to discover.
"It's extremely easy for the crooks to re-direct communications to another freshly created account," he said.
[...] So far, Android/Twitoor has been found downloading versions of mobile banking malware to users' phones.
(Score: 0) by Anonymous Coward on Friday August 26 2016, @12:07PM
Using Twitter is about as "innovative" as using noip or pastebin or tinyurl or any other service that tends to be highly available.
(Score: 2) by TheRaven on Friday August 26 2016, @12:54PM
sudo mod me up
(Score: 2, Informative) by Anonymous Coward on Friday August 26 2016, @02:16PM
True, but this malware checks multiple accounts, and I would assume it can update its list of accounts to check, so it's going to be a cat and mouse game so it's not as simple as just shutting off one account.
(Score: 2) by TheRaven on Monday August 29 2016, @09:13AM
sudo mod me up
(Score: 1, Interesting) by Anonymous Coward on Friday August 26 2016, @01:38PM
Yeah, if I wrote malware I'd try to use search engines to look for new instructions (verified by sigs of course). That way you can post commands anywhere on the Web. The problem, of course, is captchas. But millions search for famous stars all the time without getting those, so perhaps a combination of actress/actors names and non-related trending stuff might be good enough. Plus some delayed fallbacks, e.g. Twitter, Reddit, etc.
(Score: 2, Informative) by Anonymous Coward on Friday August 26 2016, @02:17PM
There has been malware in the past that did things like search for specific strings on Google or other search engines and link to the server that appeared as the first response. Sometimes they try to cover how they are linking to something using a search engine too.
(Score: 0) by Anonymous Coward on Friday August 26 2016, @04:06PM
Not to mention there've been other botnets that already did this...