Cybersecurity researchers discovered a new kind of malware that pull its instructions from code hidden in memes posted to Twitter.
After running a malware analysis on the threat, researchers concluded that the malware quietly infects a vulnerable computer then takes screenshots and pulls other data from the affected system and sends it back to the malware’s C&C server.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
The malware would connect to “twitter.com,” which by default is not flagged or blocked by anti-malware software, from where it retrieves code instructions.
Once the malware infects a device, it uses Twitter domain reputation to doge the detection from the infected device. Experts are saying that embedding code inside memes is a great way to evade network-based detection solutions.
Twitter and other well-known services such as Dropbox, Tumblr and BitTorrent can be used to communicate as a C&C with the malware. Using trusted applications such as file-sharing services, and sites like Twitter enables C&C servers to blend in with normal traffic and fly under the radar. Once this has taken place, and the threat has infiltrated an organization, it can be very hard to detect and mitigate its effects.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.