• Skip to main content
  • Skip to primary sidebar

Real Entrepreneur News

Daily Entrepreneur News

New malware pulls its instructions from code hidden in memes posted to Twitter

December 17, 2018 by News Desk Leave a Comment

New malware pulls its instructions from code hidden in memes posted to Twitter

Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.

What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator. The researchers found two tweets that used steganography to hide “/print” commands in the meme images, which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots.

10/10 points for creativity, that’s for sure.

The researchers said that memes uploaded to the Twitter page could have included other commands, like “/processos” to retrieve a list of running apps and processes, “/clip” to steal the contents of a user’s clipboard, and “/docs” to retrieve filenames from specific folders.

The malware appears to have first appeared in mid-October, according to a hash analysis by VirusTotal, around the time that the Pastebin post was first created.

But the researchers admit they don’t have all the answers, and more work needs to be done to fully understand the malware. It’s not clear where the malware came from, how it infects its victims, or who’s behind it. It’s also not clear exactly what the malware is for — or its intended use in the future. The researchers also don’t know why the Pastebin post points to a local, non-internet address, suggesting it may be a proof-of-concept for future attacks.

Although Twitter didn’t host any malicious content, nor could the tweets resulted in a malware infection, it’s an interesting (although not unique) way of using the social media site as a clever way of communicating with malware.

The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.

After Trend Micro reported the account, Twitter pulled the account offline, suspending it permanently.

It’s not the first time malware or botnet operators have used Twitter as a platform for communicating with their networks. Even as far back as 2009, Twitter was used as a way to send commands to a botnet. And, as recently as 2016, Android malware would communicate with a predefined Twitter account to receive commands.

Published at Mon, 17 Dec 2018 17:48:26 +0000

Filed Under: News

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • IBM CEO Arvind Krishna wants to completely transform his organization
  • Accelerators embrace change forced by pandemic
  • Apple updates Mac Mini with Apple-designed M1 chip
  • A theatre of dominance
  • HBO releases a wellness-focused AR app to promote ‘His Dark Materials’

Recent Comments

    Archives

    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • March 2020
    • February 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018

    Categories

    • News
    • Video

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Copyright © 2021 · News Pro on Genesis Framework · WordPress · Log in