SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
26 Aug 2016

First Twitter-controlled Android botnet acts as backdoor to download malware

Security researchers have uncovered the first ever Twitter-controlled Android botnet, which acts as a backdoor to download malware onto infected devices. Dubbed Twitoor, the malicious app is not available on any official Android app stores.

Researchers believe that the botnet is distributed via SMS or malicious URLs. According to cybersecurity firm ESET, the botnet is stealthy and capable of hiding its existence on infected devices. It masquerades as a porn player app or an MMS app but provides the functionality of neither.

"Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet," says Lukáš Štefanko, the ESET malware researcher who discovered the malicious app. Twitoor has been active for a month and has been downloading several variants of mobile banking malware. More alarmingly, the botnet is also capable of distributing ransomware at any time in the future, according to ESET.

"Twitoor serves as another example of how cybercriminals keep on innovating their business. The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices," Štefanko cautioned.

The developers of the botnet have added message encryption and complex C&C (command and control) topologies, such as using social media for communication. These measures are aimed at avoiding detection by security agents. They can also be viewed as a defence tactic to safeguard the C&C servers, which play a key role in such botnet-related cybercrime ventures.

According to ESET, the cybercriminals are specifically looking to enhance the resilience of the botnet's communications, as a seizure of C&C servers by authorities could eventually lead to a complete disclosure of the botnet's activities. "These communication channels are hard to discover and even harder to block entirely. On the other hand, it's extremely easy for the crooks to re-direct communications to another freshly created account. In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks," Štefanko said.

Tags: Android, information leaks, Twitter

Source: IBTimes