Researchers at Trend Micro have discovered a new form of virus that could pull valuable data from your desktops by using commands masked in memes on twitter. Trend Micro – a Japanese multinational IT Security company released a blogpost detailing what they’ve found so far.
According to the report, the cybercriminals use twitter to inflict computers via Steganography. It is a technique in which a malicious payload is concealed inside an image to evade security solutions.
A pre-existing malware on the computer takes commands from memes on Twitter and executes the command. So far, two tweets from October 25th and 26th have shown such behavior. The researchers identified the malware to be a RAT (Remote Access Trojan) but of a rather primitive type.
As of right now, the malware is capable of taking screenshots and pulling data from the computer to and relaying the information. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots.
The researchers maintain that Twitter isn’t a cause for infection of the computer per se, but rather a conduit for delivering commands. They are still looking into how the computer got infected with the virus in the first place.
The memes were found to have only a “/print” command embedded into them. Twitter has so far, taken down the posts and has suspended the user – “Bomber” permanently. But this technique could have had more disastrous outcomes had the hacker used commands such as “/processos”, “/clip.” “/docs”, or “/username”. It was also found that the Pastebin post points to a local, non-internet address. Some believe that this was just a proof of concept and that the cybercriminals plan on building something more mischievous.
