If you think only humans are checking their twitter accounts for updates, you are wrong. Now Android malware is also checking for the updates. A recent blog post from ESET states about a new kind of malware that is using Twitter to communicate with Android-device based botnet. Named Twitoor, the malware is first of its kind that uses social media account to control over infected devices instead of using a command-and-control server.
Twitoor has been active for about a month. It apparently hides on Android devices, awaiting commands from a malevolent Twitter account. Based on received commands, it can either download or install other malicious applications or switch to another command-and-control (C&C) Twitter account. While it can’t be found on Google Play Store, the devices are thought to be infected either via text messages or malicious URLs.
“Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet,” says Lukáš Štefanko, the ESET malware researcher who first detected the malicious app.
Štefanko has found the use of social media networks in the botnet’s communication quite innovative. “These communication channels are hard to discover and even harder to block entirely,” he said. “In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks.”
So, friends, if you’re using Twitter in Android, do proceed with great caution. Who knows, your device may be controlled by an ill Twitter account.
