Categories: CyberCrimeSecurity

Security Researchers Discover First Twitter-Controlled Botnet

The first ever Twitter-controlled botnet has been discovered by security experts at ESET, who claim the backdoor is downloading malware onto infected Android devices.

Twitoor is a backdoor that is able to install dodgy malware and has been active for around a month, said ESET.

Porn and MMS

While the app isn’t listed on the official Android app store, it spreads to users by SMS and malicious URLs, impersonating porn players or MMS applications.

ESET said that on launch, the app masks its presence and checks the phone’s Twitter account for commands from a control server, acting as part of a botnet. When commands are received, it can download more malicious apps.

“Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet,” said Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.

As malware that takes down devices to form botnets needs to receive instructions, that communication channel is vital to their survival, said ESET.

And to make the Twitoor botnet’s communication more resilient, botnet designers encrypted their messages and used innovative means for communication, among them the use of social networks, said ESET.

“These communication channels are hard to discover and even harder to block entirely. On the other hand, it’s extremely easy for the crooks to re-direct communications to another freshly created account,” said Štefanko.

Other non-traditional means of controlling Android bots have already been found in blogs or cloud messaging systems, said ESET, but Twitoor is the first Twitter-based bot malware, according to Štefanko.

“In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks”, states ESET’s researcher.

Twitoor has been found downloading versions of mobile banking malware. However, the botnet operators can start distributing other malware, including ransomware, at any time, warned Štefanko.

“Twitoor serves as another example of how cybercriminals keep on innovating their business,” Stefanko continues. “The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”

Take our cybersecurity quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago