Hackers Post Memes on twitter.com for issuing Commands to their Malware

Trend Micro the security company has detected one fresh kind of malware which gets back the commands of its controller via memes put up on Twitter. A somewhat ancient RAT (remote access trojan), the malicious program silently contaminates PCs affected with a security flaw, extracts certain kinds of data, and takes screenshots from the devices for transmitting all onto its command-and-control infrastructure.

Researchers at Trend Micro described the malicious program as waiting and executing instructions obtained from an A/C on Twitter that the program's controller runs. Hackers, with the aid of steganography, hid the command inside one particular meme within certain way which made it unnoticeable, suggesting the malware for transmitting certain screenshot onto the C&C server. Trend Micro stated that memes loaded onto twitter.com possibly contained other commands for instance "/docs" for recovering data-files from particular locations on the device, "/dip" for capturing data inside the end-user' clipboard, and "/processes" for getting back certain active processes and applications.

The malicious program, conversely, has been created for scanning the attacker's A/C on Twitter for image files and obtain the surreptitious instructions inside them. According to Mark Nunnikhoven Vice-President at Trend Micro, the malware creates just one word messages so they're easy for hiding within the layers of metadata and the real or original pixel layout in a way the image doesn't change. In.pcmag.com posted this, December 17, 2018.

Now, it isn't a lone instance when botnet/malware purveyors utilized Twitter to interact with other nodes on their networks. Way back in 2009, a botnet controller used Twitter through which he sent his commands. And lately in 2016, malicious software created for Android interacted with certain specifically designed account on Twitter for accepting instructions.

The researchers indicate much requires being done for comprehending the malware to the maximum, admitting they do not possess all the explanations. It isn't quite known about the malware's origin, what way it contaminates its targets, alternatively who is responsible for it. It isn't further known the exact purpose of the malware alternatively with what intention it would be utilized later on. Meanwhile, the hacker's A/C on Twitter has been deleted.

» SPAMfighter News - 12/21/2018