Twitter as communication tool for botnets

ESET researchers discovered an Android backdoor Trojan controlled by tweets. Detected by ESET as Android/Twitoor, it’s the first malicious app using Twitter instead of a traditional command-and-control (C&C) server.

After launch, the Trojan hides its presence on the system and checks the defined Twitter account at regular intervals for commands. Based on received commands, it can either download malicious apps or change the C&C Twitter account to another one.
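The polling behaviour described above is what a defender can look for on the network side. The following is an added example, not code from ESET or from the original post: it flags clients that request Twitter pages at near-constant intervals, even when the polled account changes. The log format (timestamp, client, host, path from a proxy that records request paths), the account names and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: timestamp, client IP, host, path.
SAMPLE_LOG = """\
2016-08-24T10:00:00 10.0.0.5 twitter.com /example_account_a
2016-08-24T10:01:10 10.0.0.9 twitter.com /example_news
2016-08-24T10:03:45 10.0.0.9 twitter.com /example_news
2016-08-24T10:05:00 10.0.0.5 example.org /
2016-08-24T10:10:02 10.0.0.5 twitter.com /example_account_a
2016-08-24T10:20:01 10.0.0.5 twitter.com /example_account_a
2016-08-24T10:30:03 10.0.0.5 twitter.com /example_account_a
2016-08-24T10:40:00 10.0.0.5 twitter.com /example_account_b
2016-08-24T10:47:20 10.0.0.9 twitter.com /example_news
2016-08-24T10:50:01 10.0.0.5 twitter.com /example_account_b
2016-08-24T11:00:02 10.0.0.5 twitter.com /example_account_b
2016-08-24T11:15:05 10.0.0.9 twitter.com /example_news
2016-08-24T13:02:30 10.0.0.9 twitter.com /example_news
"""

def find_pollers(log_text, host="twitter.com", min_hits=5, max_cv=0.1):
    """Return (client, mean_interval_seconds, paths) for clients whose
    requests to `host` arrive at near-constant intervals."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, req_host, path = parts
        if req_host == host:
            hits[client].append((datetime.fromisoformat(ts), path))
    flagged = []
    for client, rows in hits.items():
        if len(rows) < min_hits:
            continue  # too few requests to judge regularity
        rows.sort()
        # Group by client rather than by path, so the cadence is still
        # visible after the polled account is switched.
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low for timers, high for human browsing.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, round(avg), sorted({p for _, p in rows})))
    return sorted(flagged)

if __name__ == "__main__":
    for client, interval, paths in find_pollers(SAMPLE_LOG):
        print(f"{client} polls every ~{interval}s: {', '.join(paths)}")
```

A flagged client is a lead for investigation rather than proof of infection, since legitimate apps also refresh on timers.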

“Using Twitter to control a botnet is an innovative step for an Android platform,” says Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.

The first appearance of Twitter-controlled botnets, though, was discovered in 2009, as mentioned in the article.

Compared with other social media such as Facebook or blogs (WordPress, Tumblr), Twitter stands out as a massive communication protocol – everyone talks with everyone, and the message format is defined and limited in size. Twitter has been used as a communication tool on many occasions, whether helping people, as in “Twitter monitoring of disease outbreaks”, or organising massive demonstrations in Taksim Square, Turkey.


No wonder we ended up seeing Twitter used as a botnet communication tool.

In those days, I posed the concept that Twitter should not be a company alone. It should be an open protocol much like HTTP or email protocols (IMAP/POP). There should be an adopted industry standard that Twitter, the company, should and could (and still can) champion and work through with the guidance of other industry members.

It was published in 2012. Four years later, we’re witnessing the results, with more interesting things to come. There have been rumours that Twitter isn’t profitable, but the tools it developed will evolve in the community anyway. Ideas find their niche and evolve into new products.
