Twitter Accounts Control Botnet of Android Devices

A new mobile malware strain has been identified, which uses the Twitter for controlling a botnet comprising the Android phones as well as tablets. This Trojan, recognized as Twitoor, is supposed to be first to use social network for coordinating the infected devices rather than the command-and-control (C&C) server.

After downloading the malware, it hides as well as on a regular basis checks in with a malicious Twitter account for commands. These instructions directed the Trojan to either download or install more malicious applications, or shift to a diverse C&C Twitter account. As per ESET, the app may spread as SMS or through malicious URLs.

C&C servers are the centralized computers issuing commands to connected network of computers infected with malware, which are under the control of cybercriminals and are used for committing cybercrime, normally known as zombie army or a botnet. These botnets are required to receive updated instructions constantly. Malicious software is frequently recognized by the fact that it is communicating with an unknown URL.

Cybercriminals prefer the malware to receive instructions through Twitter because of many reasons: communication process of Command-And-Control server is more detectable and conspicuous, and if authorities seize the servers of C&C, it possibly will expose the whole botnet, the ESET explains. For the time being, communication channels of Twitter "are hard to discover and even harder to block entirely [and] it's extremely easy for the crooks to redirect communications to another freshly created account", as explained in a blog post by Stefanko posted on the securityintelligence.com on August 24th, 2016.

Researchers of ESET said that the discovery reveals that methods are adapted by cybercriminals to defeat the security defenses. Lukas Stefanko, researcher of ESET, who has discovered botnet, said that "using Twitter instead of command-and-control servers is pretty innovative for an Android botnet".

ESET malware researcher, Lukas Stefanko, told that we can expect the cybercriminals of using other social networks, like Linkedln and Facebook, to control the botnets.

Stefanko added: "Twitoor serves as another example of how cybercriminals keep on innovating their business. The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices".

» SPAMfighter News - 8/31/2016