Android malware uses Twitter to stealthily infect devices



A new Android malware has emerged that leverages Twitter accounts to infect devices. Called Android/Twitoor, the malware is active since July this year and gets active through an SMS or some malicious URLs.

Researchers at IT security company ESET have discovered the Android malware. “Using Twitter to control a botnet is an innovative step for an Android platform,” said Lukáš Štefanko, ESET Malware Researcher, in a statement.

“This means of hiding has remained untapped until now. In the future, however, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks,” Štefanko added.

The malware checks a pre-defined Twitter account at regular intervals to push commands on Android devices. Using the same commands, some malicious apps can be installed on the hardware. Certain commands can also help attackers switch from one command-and-control (C&C) Twitter account to another.

Similar to the recent Linux trojan, the Android malware can gain the backdoor access to form botnets. This army of botnets makes communication not just easier but more resilient for attackers than any traditional C&C sever.

Štefanko claims that it is “extremely easy” to re-direct communications to a new Twitter account. Thus, a malicious attack can be generated in an almost anonymous form.

This is not the first time when Twitter is used by malware. Windows-based botnets were found to use the microblogging network back in 2009.


Please enter your comment!
Please enter your name here