Categories: CyberCrimeSecurity

Security Researchers Discover First Twitter-Controlled Botnet

The first ever Twitter-controlled botnet has been discovered by security experts at ESET, who claim the backdoor is downloading malware onto infected Android devices.

Twitoor is a backdoor that is able to install dodgy malware and has been active for around a month, said ESET.

Porn and MMS

While the app isn’t listed on the official Android app store, it spreads to users by SMS and malicious URLs, impersonating porn players or MMS applications.

ESET said that on launch, the app masks its presence and checks the phone’s Twitter account for commands from a control server, acting as part of a botnet. When commands are received, it can download more malicious apps.

“Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet,” said Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.

As malware that takes down devices to form botnets needs to receive instructions, that communication channel is vital to their survival, said ESET.

And to make the Twitoor botnet’s communication more resilient, botnet designers encrypted their messages and used innovative means for communication, among them the use of social networks, said ESET.

“These communication channels are hard to discover and even harder to block entirely. On the other hand, it’s extremely easy for the crooks to re-direct communications to another freshly created account,” said Štefanko.

Other non-traditional means of controlling Android bots have already been found in blogs or cloud messaging systems, said ESET, but Twitoor is the first Twitter-based bot malware, according to Štefanko.

“In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks”, states ESET’s researcher.

Twitoor has been found downloading versions of mobile banking malware. However, the botnet operators can start distributing other malware, including ransomware, at any time, warned Štefanko.

“Twitoor serves as another example of how cybercriminals keep on innovating their business,” Stefanko continues. “The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”

Take our cybersecurity quiz here!

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago