The first Android botnet: ESET researchers have discovered a backdoor Trojan that attacks Android and is controlled via tweets. Detected by ESET as Android/Twitoor, it is the first malicious application to use Twitter instead of a traditional C&C (command-and-control) server.
Once launched, the Trojan hides its presence on the system and checks the specified Twitter account at regular intervals for commands. Based on the commands it receives, it can either download malicious applications or switch its C&C Twitter account to another one.
"Using Twitter to control a botnet is an innovative step for the Android platform," notes Lukáš Štefanko, the ESET malware researcher who discovered the malicious application.
According to Štefanko, communication channels based on social networks are difficult to detect and impossible to block completely, while at the same time it is extremely easy for fraudsters to redirect communication to another account.
Twitter was first used to control Windows botnets in 2009. "As for the Android space, this means of concealment has remained untapped so far. In the future, though, we can expect that the "bad guys" will try to make use of Facebook statuses or exploit LinkedIn and other social networks," says Štefanko.
Android/Twitoor has been active since July 2016. According to Štefanko, it cannot be found in any official Android app store, but rather spreads through SMS or through malicious URLs. It poses as a porn player or MMS application, but without the functionality. Instead, it downloads various versions of malicious software for mobile banking. However, those who manage the botnet can start spreading other malware at any time, including ransomware, according to Štefanko.
"Twitoor is another example of the fact that cyber criminals are constantly innovating. Internet users should keep their business safe with good security solutions for both computers and mobile devices," concludes Lukáš Štefanko.
More information is available in the relevant blog post on ESET's blog, WeLiveSecurity.