ESET has issued an alert for a new threat called Android/Twitoor, a backdoor with the ability to download other malware onto an infected machine.
This malicious app can easily be found in any Android app store and spreads via SMS or via malicious URLs. It poses as a “Porn Player” app or an MMS application, but lacks their functionality.
Once launched, it hides its presence on the system and contacts a pre-selected Twitter account at regular intervals for commands. Based on these, it can download other infected applications or switch the C&C (command and control) Twitter account to another one.
Lukáš Stefanko, ESET’s malware analyst who discovered this malicious app, says: “Using Twitter instead of C&C servers is remarkably innovative for an Android botnet.”
Malware that enslaves devices to form botnets has to be able to receive updated instructions. Communication has always been the Achilles heel of any botnet: it can raise suspicions and lead to bots being eliminated, which is always lethal to the operation of any botnet. Additionally, if the C&C servers are seized by the authorities, this may lead to the disclosure of information about the entire botnet.
In order to strengthen the communication of the Twitoor botnet, botnet designers have taken several steps: encrypting their messages, using complex C&C network topologies, or using innovative means of communication, among which the use of social networks stands out.
These communication channels are difficult to find and even more problematic to block permanently. On the other hand, it is very easy for criminals to redirect communications to another newly created account, says Stefanko.
Within Windows systems, Twitter (founded in 2006) was first used to control botnets in 2009. Some Android bots controlled through other non-traditional means, such as blogs or some of the many cloud messaging systems like those of Google or Baidu, had also been discovered, but Twitoor is the first Twitter-based malware. Lukáš Stefanko adds that “we can expect that, in the near future, these criminals may use Facebook statuses, LinkedIn or other networks.”
Currently, the Twitoor trojan has been downloading various versions of online banking malware. However, the botnet operators can start distributing other types of malware, including ransomware, at any time, Stefanko warned.
“Twitoor serves as another example of how cybercriminals continue to innovate their business,” said the analyst. “The conclusion? Internet users must use increasingly better security solutions for both their computers and their mobile devices.”