Cyber security researchers from Trend Micro have recently found a new variant of malware which takes its instructions from memes posted to Twitter. The experts found that the infection is able to infect vulnerable computers, pull stored data from the PC and then transmit it back to the malware’s command and control servers.
The interesting point in this whole activity is the way the hackers spreading the malware are using Twitter as a communication conduit linking infected PCs to their malicious servers.
Trend Micro says that the malware takes its instructions from a set of Twitter accounts run by the malware operators, with the commands hidden in the tweeted images by steganography. One such hidden command tells the malware to take screenshots of the infected PC; the address of the malware operators’ server is obtained separately from a Pastebin post.
Note- Steganography is the practice of hiding data inside other, innocuous-looking content; here, text commands are concealed in meme images, so the malware takes its commands from images posted by the Twitter handles.
Some memes uploaded to the Twitter page might also contain other commands such as “/processos”, which retrieves the list of running apps and processes; “/clip”, which steals the text and numbers on the user’s clipboard; and “/docs”, which retrieves filenames from specific folders.
Presently, the researchers from Trend Micro do not have answers to questions such as where the malware came from, who devised it and who was infected.
Since the Twitter handles did not host any malicious code and the tweets themselves did not result in malware infections, blaming the social media platform for spreading the malicious content would be unjustified.
However, the latest finding helps the world see how hackers are using social media platforms to communicate with malware.
Note 1- At the request of Trend Micro, some of the Twitter accounts which were communicating with the malware-spreading servers were permanently disabled.
Note 2- Similarly, in 2009, Twitter was used to send commands to botnets, resulting in multiple cyber attacks.
Note 3- In 2016, researchers discovered that a certain variant of Android malware was getting its commands from Twitter to execute and infect devices.