Computer VIRUS

Beware: This virus takes commands from memes on Twitter


A new virus hits android…

Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.

What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator. The researchers found two tweets that used steganography to hide “/print” commands in the meme images, which told the malware to take a screenshot of an infected computer.

The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots — 10/10 points for creativity, that’s for sure.


The researchers said that memes uploaded to the Twitter page could have included other commands, like “/processes” to retrieve a list of running apps and processes, “/clip” to steal the contents of a user’s clipboard and “/docs” to retrieve filenames from specific folders.

The malware appears to have first surfaced in mid-October, according to a hash analysis by VirusTotal, around the time that the Pastebin post was first created. But the researchers admit they don’t have all the answers, and more work needs to be done to fully understand the malware.

It’s not clear where the malware came from, how it infects its victims or who’s behind it. It’s also not clear exactly what the malware is for — or its intended use in the future. The researchers also don’t know why the Pastebin post points to a local, non-internet address, suggesting it may be a proof-of-concept for future attacks.

Although Twitter didn’t host any malicious content, nor could the tweets result in a malware infection, it’s an interesting (although not unique) way of using the social media site to communicate with malware. The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.
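Because the traffic goes to a trusted domain, destination reputation alone will not flag it; what stands out is which process makes the requests and in what order. The sketch below is an added example, not code from the original article or from Trend Micro, that correlates per-process connection logs for the sequence described above (tweet or image fetch, then a Pastebin lookup, then a connection elsewhere). The log schema, host and process names, the browser allowlist and the 5-minute window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (host, process, time, destination); not real telemetry.
EVENTS = [
    ("ws-014", "chrome.exe",  "2024-01-10T09:00:05", "twitter.com"),
    ("ws-014", "chrome.exe",  "2024-01-10T09:00:09", "pastebin.com"),
    ("ws-022", "updater.exe", "2024-01-10T09:03:11", "twitter.com"),
    ("ws-022", "updater.exe", "2024-01-10T09:03:12", "pbs.twimg.com"),
    ("ws-022", "updater.exe", "2024-01-10T09:03:20", "pastebin.com"),
    ("ws-022", "updater.exe", "2024-01-10T09:03:31", "192.168.10.5"),
    ("ws-031", "backup.exe",  "2024-01-10T10:15:00", "pastebin.com"),
]

SOCIAL = {"twitter.com", "pbs.twimg.com"}   # tweet and image hosts
PASTE = {"pastebin.com"}
# Assumed allowlist; process names can be spoofed, so treat this as a first filter only.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
WINDOW = timedelta(minutes=5)

def find_c2_chains(events, window=WINDOW):
    """Return {(host, process): [social, paste, next_dest]} for non-browser
    processes that contact a social site and then a paste site within `window`."""
    by_proc = defaultdict(list)
    for host, proc, ts, dest in events:
        if proc.lower() not in BROWSERS:
            by_proc[(host, proc)].append((datetime.fromisoformat(ts), dest))
    findings = {}
    for key, rows in by_proc.items():
        rows.sort()
        for i, (t_social, d_social) in enumerate(rows):
            if d_social not in SOCIAL:
                continue
            # First paste-site lookup after the social fetch, inside the window.
            paste = next(((t, d) for t, d in rows[i + 1:]
                          if d in PASTE and t - t_social <= window), None)
            if paste is None:
                continue
            # First later connection to anything else: candidate upload target.
            upload = next((d for t, d in rows[i + 1:]
                           if t > paste[0] and t - paste[0] <= window
                           and d not in SOCIAL | PASTE), None)
            findings[key] = [d_social, paste[1], upload]
            break
    return findings

if __name__ == "__main__":
    for (host, proc), chain in find_c2_chains(EVENTS).items():
        print(host, proc, " -> ".join(str(d) for d in chain))
```
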


After Trend Micro reported the account, Twitter pulled the account offline, suspending it permanently. It’s not the first time malware or botnet operators have used Twitter as a platform for communicating with their networks. Even as far back as 2009, Twitter was used as a way to send commands to a botnet. And, as recently as 2016, Android malware would communicate with a predefined Twitter account to receive commands.

Ayeni Sylvester

96 Comments

  • I think this is one of the most significant information for me. And I am glad reading your article. But should remark on some general things, The website style is wonderful, the articles is really excellent : D. Good job, cheers

  • Wonderful article! That is the type of information that are meant to be shared across the net. Shame on Google for no longer positioning this post higher! Come on over and consult with my web site . Thanks =)

  • Hi, I do believe this is a great site. I stumbledupon it ? I may come back once again since I book marked it. Money and freedom is the greatest way to change, may you be rich and continue to help others.

  • Hello! I know this is somewhat off topic but I was wondering if you knew where I could find a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!

  • That is really attention-grabbing, You are an overly skilled blogger. I have joined your feed and look forward to in the hunt for more of your great post. Additionally, I have shared your site in my social networks

  • Wonderful items from you, man. I have bear in mind your stuff previous to and you are just too excellent. I actually like what you have received right here, certainly like what you are stating and the way in which in which you are saying it. You make it entertaining and you continue to take care of to stay it sensible. I can not wait to read much more from you. This is actually a great website.

  • I’m really inspired together with your writing abilities as smartly as with the format in your weblog. Is this a paid topic or did you customize it yourself? Either way keep up the nice quality writing, it is uncommon to peer a great blog like this one these days..

  • I’d ought to talk to you here. Which isn’t some thing I usually do! I spend time reading a post that will make people believe. Also, many thanks for permitting me to comment!


  • Does your blog have a contact page? I’m having trouble locating it but, I’d like to shoot you an email. I’ve got some suggestions for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it grow over time.


  • Oh my goodness! an incredible article dude. Thanks Nonetheless I’m experiencing concern with ur rss . Don’t know why Unable to subscribe to it. Is there anybody getting an identical rss drawback? Anyone who is aware of kindly respond. Thnkx
