SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Android Botnet Relies on Twitter for Commands
Date    Friday August 26 2016, @11:34AM
Author    janrinok
from the checks-and-balances dept.
https://soylentnews.org/article.pl?sid=16/08/25/1325258

Arthur T Knackerbracket has found the following story:

Twitter users aren't the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.

One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.

The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.

Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.

The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.

Lukas Stefanko, an ESET researcher, said in a Wednesday blog post that this was an innovative approach. It removes the need to maintain a command and control server, and the communications with the Twitter accounts can be hard to discover.

"It's extremely easy for the crooks to re-direct communications to another freshly created account," he said.

[...] So far, Android/Twitoor has been found downloading versions of mobile banking malware to users' phones.


Original Submission

Links

  1. "Arthur T Knackerbracket" - https://soylentnews.org/~Arthur+T+Knackerbracket/
  2. "following story" - http://www.computerworld.com/article/3112305/security/android-botnet-relies-on-twitter-for-commands.html
  3. "blog post" - http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/?utm_source=feedburnerutm_medium=feedutm_campaign=Feed:+eset/blog+(ESET+Blog:+We+Live+Security)
  4. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=15504

printed from SoylentNews, Android Botnet Relies on Twitter for Commands on 2024-04-24 08:17:41