A backdoor Trojan named Twitoor is the first instance of Android malware that receives its commands from a Twitter account.
Keeping their botnet out of law enforcement’s and other criminals’ hands is imperative for botmasters if they want to keep earning. C&C servers are the norm, but they can be tracked down, seized by the authorities and, ultimately, reveal crucial information about the botnet, allowing them to shut it down or cripple it.
Twitter or other social media accounts as C&C sources offer way more flexibility.
“It’s extremely easy for the crooks to re-direct communications to another freshly created account,” says ESET malware researcher Lukáš Štefanko. “In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks.”
He believes that the Twitoor backdoor is spread via SMS or malicious URLs, as there are no traces of it on Android app stores. It is usually hidden inside what professes to be a porn player app or MMS application.
Once it infects the target device, it hides itself and contacts the C&C Twitter account every so often.
Full article: Twitter-controlled Android backdoor delivers banking malware - Help Net Security