There are countless threats out there that can mean danger for your business, but one of the most innovative to date utilizes a malicious Twitter account to administer commands to a botnet made up of infected Android devices. In fact, this is widely considered the first threat to actively use a social network in this manner, making it a wake-up call for security professionals and social media users alike.
The app, called Twitoor, is a Trojan that hides on the device and constantly receives commands from its Twitter account. This could include downloading and installing malicious applications, stealing data, or switching to an alternative command-and-control Twitter account. Additionally, you cannot find Twitoor on the Google Play store. If you’re going to download it, you would have to click on a malicious link.
Botnets are commonly used by cyber criminals to spread malware across multiple devices. The idea is to spread their influence as far as possible by creating “zombie-bots” which can be enslaved and commanded to perform roles which one computer could not. Yet, a normal botnet leaves signs that can be used to detect where it’s getting its commands from. Security professionals are often able to find the source of the botnet and shut down the server administering the commands, but with Twitoor, this isn’t so simple.
Due to the fact that the Twitoor-infected systems are receiving information from an ever-shifting Twitter account, it’s able to largely avoid detection. ZDNet explains: “Those behind the malware have also taken additional steps to safeguard Twitoor, including encrypting messages to further obfuscate their activities.” This combination of tactics makes it much more difficult to detect and destroy at its roots, even for security professionals.
Thanks to criminals changing their ways in order to innovate and discover new ways to take advantage of tried-and-true hacking practices, you always need to be wary of malware infections and other online threats. You can never be too careful. We recommend that you contact OrLANtech, especially if you feel that your organization’s network security–including mobile devices–isn’t quite up to snuff.
In particular, we have a mobile device management solution that can help you keep a handle on your organization’s mobile devices. You can secure your devices through whitelisting and blacklisting apps, limiting access to crucial data, and remotely wiping infected systems so that the data found on them cannot be used or sold by hackers. The idea is to take measures to prevent infections in the first place, and promptly respond to infections that do find their way onto the devices.