The world's first Twitter-based Android botnet comes to light
Here is some "good news" for everyone: Twitter users are no longer the only ones checking the microblogging service for updates. Android malware has begun using the same mechanism to fetch malicious instructions.
According to the latest report from ESET, an Android malware developer is using Twitter to send malicious commands to infected smartphones. The company's security researchers discovered this feature in a piece of malware called "Twitoor", which can silently install other malware on an infected phone. It is, without doubt, a backdoor Trojan for Android.
Traditional malware control methods
Android malware developers usually rely on remote servers to control infected smartphones. The attacker uses these servers to send control commands to the malware on each infected phone, and the phones under that control together form a botnet.
What can an attacker use Twitter for?
The developers of Twitoor, however, chose not to use a C&C server to communicate with infected phones. Instead, Twitoor uses the Twitter social network to control victims' Android smartphones: the malware periodically checks a specified Twitter account and reads control commands from encrypted tweets posted by that account.
Lukas Stefanko, a security researcher at ESET, mentioned in a blog post published this Wednesday: This is a very novel attack method, and the attacker does not need to maintain command and control (C&C) servers; they can directly use Twitter accounts to send instructions to malware, and the use of such a control method can also greatly reduce the probability of malware being detected.
The first Twitter-based Android botnet
ESET pointed out that this is the first Android botnet to use Twitter to send control commands. Twitter came to public attention in 2006, and the first Windows botnet controlled through Twitter appeared in 2009.
Before this, there had already been many pieces of malware that controlled infected Android devices (bots) through non-traditional means, distributing control commands through blogs, Google cloud systems, and Baidu cloud systems. In Stefanko's view, however, Twitoor is the first malware to distribute control commands over the Twitter social network.
ESET security researchers said that Twitoor has not been detected in the major Android application markets, so attackers are likely to spread this malware through malicious links.
Twitoor is a backdoor Trojan that can download other malicious software onto infected smart devices, and it has been active for a month. The malicious application is a variant of the virus Twitoor.A. Since security researchers have not detected Twitoor in any official Android application market, experts speculate that the attacker most likely infects users' phones through malicious text messages or malicious URL links. It can pose as a pornographic video player or an MMS client to lure users into installing it. Twitoor, of course, provides neither function.
Once launched, Twitoor immediately hides itself ("invisible" state), then regularly checks a specific Twitter account and obtains control commands from it. When Twitoor receives a command sent by the attacker, it carries out the task that command specifies. For example, it can download other malware, change the Twitter account used to receive commands, and so on.
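The regular polling described above is something a defender can look for in per-app network logs. The following is an added example, not code from ESET or from the original article: it flags apps other than the official client that contact a social-network host at near-constant intervals. The log format, hostnames, the package name com.example.mmsplayer, and the thresholds are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed hostnames for the social network; adjust to what your logs show.
SOCIAL_HOSTS = {"twitter.com", "api.twitter.com", "mobile.twitter.com"}
# Apps that are expected to talk to those hosts (the official client).
EXPECTED_CLIENTS = {"com.twitter.android"}

T0 = 1472000000  # constructed base timestamp (epoch seconds)
# Constructed log: (timestamp, app package, destination host).
# "com.example.mmsplayer" is a hypothetical fake MMS/player app.
SAMPLE_LOG = (
    [(T0 + s, "com.example.mmsplayer", "mobile.twitter.com")
     for s in (0, 602, 1199, 1801, 2400, 3003, 3600)]
    + [(T0 + s, "com.android.chrome", "twitter.com")
       for s in (50, 70, 900, 905, 2500, 3400)]
    + [(T0 + s, "com.twitter.android", "api.twitter.com")
       for s in (0, 600, 1200, 1800, 2400, 3000, 3600)]
    + [(T0 + 10, "com.example.mmsplayer", "cdn.example.net")]
)

def find_periodic_pollers(log, min_events=6, max_cv=0.1):
    """Return {app: mean interval in seconds} for unexpected apps that
    contact a social-network host at near-constant intervals."""
    seen = defaultdict(list)
    for ts, app, host in log:
        if host in SOCIAL_HOSTS and app not in EXPECTED_CLIENTS:
            seen[app].append(ts)
    findings = {}
    for app, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like polling.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings[app] = round(avg)
    return findings

if __name__ == "__main__":
    for app, interval in find_periodic_pollers(SAMPLE_LOG).items():
        print(f"{app}: polls a social-network host every ~{interval}s")
```

A browser visiting the same host at irregular, human-driven times is not flagged; only the fixed-interval poller is.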
The emergence of Twitoor shows that cybercriminals are constantly improving their attack techniques, because they too know that without technological innovation even hackers will be eliminated by the market. As for countermeasures, Internet users can install security protection software on their computers or smart devices, which can protect them to a certain extent.
ESET's security researchers said that, now that Twitter-based botnets have emerged, we will likely see more hackers make use of Facebook, LinkedIn, and other social networking platforms in the future. Security experts should therefore be prepared, because more complex botnets will appear in the near future.
This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com: http://www.internetweblist.com/Web_defense/28680.html