
posted by janrinok on Friday August 26 2016, @11:34AM
from the checks-and-balances dept.

Twitter users aren't the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.

One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.

The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.

Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.

The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.

Lukas Stefanko, an ESET researcher, said in a Wednesday blog post that this was an innovative approach. It removes the need to maintain a command and control server, and the communications with the Twitter accounts can be hard to discover.

"It's extremely easy for the crooks to re-direct communications to another freshly created account," he said.

[...] So far, Android/Twitoor has been found downloading versions of mobile banking malware to users' phones.

  • by Anonymous Coward on Friday August 26 2016, @02:16PM (#393483) (Score: 2, Informative)

    True, but this malware checks multiple accounts, and I would assume it can update its list of accounts to check, so it's going to be a cat-and-mouse game, so it's not as simple as just shutting off one account.

  • by TheRaven (270) on Monday August 29 2016, @09:13AM (#394555) Journal (Score: 2)
    Not really. One of my colleagues took down a botnet by analysing the code, identifying the next C&C server domain, and registering it before the botnet author. He was then in the slightly awkward position of being in control of a botnet and having to try to get ethics committee and legal approval to do something with it (like, for example, uninstall the malware. The only thing that they'd approve in the end was displaying a message saying 'you are infected with...'). More modern malware avoids this by having the owner register the domains long in advance, and as long as you've always registered a couple before they're used you can send a new algorithm for generating the names. With this model, if someone works out the algorithm then Twitter can (at no cost to themselves) register every single account that will be generated and send them a shutdown message.
    --
    sudo mod me up
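The pre-registration defence TheRaven describes, as an added example that is not part of the original post or of ESET's analysis: if the name-generation algorithm has been recovered, a defender can compute every account or domain name it will produce for the coming days, register the ones nobody holds yet, and treat any device seen polling one of those names as a candidate for the "you are infected" notice. The generator below is a hypothetical toy (SHA-256 over a fixed seed and the calendar day), not Android/Twitoor's real logic, and the seed and observed lookups are constructed sample values.

```python
import hashlib
from datetime import date, timedelta

SEED = b"example-seed"  # constructed; a real seed would come from analysing the sample


def generate_names(day_iso: str, seed: bytes = SEED, count: int = 3) -> list[str]:
    """Toy stand-in for a recovered generation algorithm (an assumption for
    this example). Names depend only on the calendar day and a fixed seed, so
    whoever holds the algorithm computes the same names for the same day."""
    names = []
    for i in range(count):
        material = seed + day_iso.encode() + bytes([i])
        digest = hashlib.sha256(material).hexdigest()
        names.append("upd" + digest[:10])  # constructed naming scheme
    return names


def enumerate_ahead(start_iso: str, days: int, seed: bytes = SEED,
                    count: int = 3) -> dict[str, list[str]]:
    """Every name the algorithm will produce on each of the next `days` days:
    the list a defender needs in order to register them before the operator."""
    start = date.fromisoformat(start_iso)
    schedule: dict[str, list[str]] = {}
    for d in range(days):
        day = (start + timedelta(days=d)).isoformat()
        schedule[day] = generate_names(day, seed, count)
    return schedule


def uncovered_names(schedule: dict[str, list[str]], held: set[str]) -> list[str]:
    """Upcoming names that nobody on the defending side has registered yet."""
    upcoming = {n for names in schedule.values() for n in names}
    return sorted(upcoming - held)


def matching_lookups(observed: list[str], schedule: dict[str, list[str]]) -> list[str]:
    """Observed account/domain lookups that match a generated name; a device
    making these lookups is behaving like an infected one."""
    generated = {n for names in schedule.values() for n in names}
    return [n for n in observed if n in generated]


if __name__ == "__main__":
    week = enumerate_ahead("2016-08-26", 7)
    held = set(week["2016-08-26"])  # suppose today's names are already sinkholed
    print("still to register:", uncovered_names(week, held))
    # constructed sample of names one device was seen polling
    seen = [week["2016-08-27"][0], "unrelated_account", week["2016-08-30"][2]]
    print("lookups hitting generated names:", matching_lookups(seen, week))
```

The point of `enumerate_ahead` is that the schedule is fully determined by the algorithm and the date, which is exactly why registering names "long in advance" only helps the operator until the algorithm itself is recovered; `matching_lookups` is the same table used in the other direction, as a detection list.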