ESET discovers new Android botnet controlled by Twitter

29 Aug 2016

ESET has discovered the first-ever Twitter-controlled Android botnet. 

According to the security firm, researchers have discovered an Android backdoor Trojan that is controlled by tweets.

Detected by ESET as Android/Twitoor, it’s the first malicious app using Twitter instead of a traditional command-and-control (C&C) server, the company explains.

After launch, the Trojan hides its presence on the system and checks the defined Twitter account at regular intervals for commands.

Based on received commands, it can either download malicious apps or change the C&C Twitter account to another one.

“Using Twitter to control a botnet is an innovative step for an Android platform,” says Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.

According to Štefanko, communication channels based on social networks are hard to discover and impossible to block entirely, while it is simultaneously extremely easy for the crooks to re-direct communications to another account.

Twitter was first used to control Windows botnets in 2009. 

“As for the Android space, this means of hiding has remained untapped until now. In the future, however, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks,” says Štefanko.

Štefanko says Android/Twitoor has been active since July 2016. It can’t be found on any official Android app store, but probably spreads by SMS or via malicious URLs.

It impersonates a porn player app or MMS application but without the functionality, Štefanko explains. Instead, it has been downloading several versions of mobile banking malware.

However, the botnet operators can start distributing other malware at any time, including ransomware, according to Štefanko.

“Twitoor serves as another example of cyber criminals innovating their business. Internet users should keep on securing their activities with good security solutions for both computers and mobile devices,” says Štefanko.
