Menu
This Android botnet relies on Twitter for its commands

This Android botnet relies on Twitter for its commands

The malware's developer is substituting Twitter accounts for a control server

Twitter users aren’t the only ones checking the microblogging service for important updates. Android malware is starting to do so, too.

One maker of Android malware is using Twitter to communicate with infected smartphones, according to security firm ESET.

The company discovered the feature in a malicious app called Android/Twitoor. It runs as a backdoor virus that can secretly install other malware on a phone.

Typically, the makers of Android malware control their infected smartphones from servers. Commands sent from those servers can create a botnet of compromised phones and tell the malware on all the phones what to do.

The makers of Android/Twitoor decided to use Twitter instead of servers to communicate with the infected phones. The malware routinely checks certain Twitter accounts and reads the encrypted posts to get its operating commands.

Lukas Stefanko, an ESET researcher, said in a Wednesday blog post that this was an innovative approach.  It removes the need to maintain a command and control server, and the communications with the Twitter accounts can be hard to discover.

“It’s extremely easy for the crooks to re-direct communications to another freshly created account,” he said.

ESET said this was first Twitter-controlled Android botnet it had ever found. Windows-based botnets using Twitter have been around since at least 2009.

ESET said Android/Twitoor hasn’t been detected in any app stores, so it probably spreads through malicious links sent to the victim. The malware pretends to be a porn player or multimedia messaging app, and it’s only been active for about a month.

So far, Android/Twitoor has been found downloading versions of mobile banking malware to users’ phones.

“In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks,” Stefanko added.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
Show Comments