IoT / New Android malware communicates with cyber criminals via Twitter
New Android malware communicates with cyber criminals via Twitter
25 August 2016 |
Cyber security researchers have found a new kind of Android malware that is controlled by hackers' Twitter accounts.
According to experts from ESET, Twitoor receives its commands through tweets, rather than through the usual command and control servers.
They found that the malware checks a predefined account for messages telling it to download further malware onto its victims' devices through a backdoor.
The tweets can also tell it to monitor a different Twitter account in future.
“Using Twitter instead of command and control servers is pretty innovative for an Android botnet,” said ESET’s Lukas Stefanko, who discovered the malicious app.
The app itself tricks users into installing it through malicious messages and URLs by posing as a multimedia messaging or porn player application.
It is believed to be the first Android botnet to communicate via Twitter.
As well as communicating via social media, the researchers said Twitoor also encrypts its messages to help protect its network from the authorities.
According to Stefanko, the backdoor has so far been used to download mobile banking malware, although its operators could use it for other attacks.
“Twitoor serves as another example of how cyber criminals keep on innovating their business,” he said. “The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”
Last week, it was revealed that a Linux vulnerability has left as many as 80 per cent of Android smartphones vulnerable to spying from cyber criminals.
Android users are also frequently warned about rogue apps.
ESET’s researchers previously uncovered a series of apps on Google Play that tried to trick users out of their money and personal details.
And in July, it was revealed that an Android HTML development tool was actually malware that stole users’ media files and personal information from their devices.
For more on Twitoor, see the ESET blog.
Latest posts by Matt Smith (see all)
- 60 per cent of firms use advanced technology without proper security - 20th March 2017
- WhatsApp flaw let hackers hijack accounts with image trick - 16th March 2017
- 70 per cent of firms struggle to secure data outside the office - 16th March 2017
- Insecure code putting business data at risk - 14th March 2017
- Internet of Things ransomware on the rise - 14th March 2017