New Android malware communicates with cyber criminals via Twitter - TEISS®: Cracking Cyber Security


Cyber security researchers have found a new kind of Android malware that is controlled by hackers' Twitter accounts.

According to experts from ESET, the malware, Twitoor, receives its commands through tweets, rather than through the usual command and control servers.

They found that the malware checks a predefined account for messages telling it to download further malware onto its victims' devices through a backdoor.

The tweets can also tell it to monitor a different Twitter account in future.

“Using Twitter instead of command and control servers is pretty innovative for an Android botnet,” said ESET’s Lukas Stefanko, who discovered the malicious app.

The app itself spreads through malicious messages and URLs, tricking users into installing it by posing as a multimedia messaging or porn player application.

It is believed to be the first Android botnet to communicate via Twitter.

As well as communicating via social media, the researchers said Twitoor also encrypts its messages to help protect its network from the authorities.

According to Stefanko, the backdoor has so far been used to download mobile banking malware, although its operators could use it for other attacks.

“Twitoor serves as another example of how cyber criminals keep on innovating their business,” he said. “The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”

Last week, it was revealed that a Linux vulnerability has left as many as 80 per cent of Android smartphones vulnerable to spying from cyber criminals.

Android users are also frequently warned about rogue apps.

ESET’s researchers previously uncovered a series of apps on Google Play that tried to trick users out of their money and personal details.

And in July, it was revealed that an Android HTML development tool was actually malware that stole users’ media files and personal information from their devices.

For more on Twitoor, see the ESET blog.

Photo © Johan Larsson (CC BY 2.0). Cropped.


