Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter. The malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.
The reasoning is that by using Twitter, the malware connects to “twitter.com,” a domain far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.
Commenting on the effectiveness of this stealthy form of malware, and how users and organisations can defend against it, is Maor Hizkiev, CTO and co-founder at BitDam.
Maor Hizkiev, CTO and Co-founder at BitDam:
“Once the malware is installed on the machine, there are endless ways it can evade detection and bypass security solutions. In this case, using Twitter prevents domain reputation solutions from detecting the attack. Moreover, embedding code inside memes is a great way to evade network-based detection solutions.
Besides Twitter, other well-known services such as Dropbox, Tumblr and BitTorrent can be used to communicate as a C&C with the malware. Using trusted applications such as file-sharing services and sites like Twitter enables C&C servers to blend in with normal traffic and fly under the radar. Once this has taken place, and the threat has infiltrated an organisation, it can be very hard to detect and mitigate its effects. Therefore, I believe that the highest ROI an organisation can receive in defending against this kind of attack is to invest in a solution that stops it at source and, in doing so, prevents it from reaching the end-user.”