Botnet built using the Twitoor Android backdoor trojan

Aug 25, 2016 04:30 GMT

ESET researchers said they'd discovered the first ever botnet of Android devices controlled via Twitter accounts used to broadcast control messages to infected handsets.

The botnet was built by infecting Android smartphones and tablets with the Twitoor malware, a backdoor trojan that's spread via SMS spam or apps from unofficial app stores.

Trojan spread via adult player and MMS viewer apps

ESET says the trojan is hidden inside apps mimicking MMS viewers and adult content players. These apps don't deliver any working functionality and hide their presence as soon as the user installs them.

The Twitoor trojan then checks a Twitter account at set intervals for new commands. The botnet's operator tweets out instructions, which are interpreted by the trojan and converted into a malicious action.

ESET has not described the exact technical capabilities of this trojan, but botnets are often used for DDoS attacks, pushing ads, pushing other malware, or sending SMS spam.

First ever Android botnet controlled via Twitter

This is the first time security researchers have seen an Android botnet controlled through Twitter profiles. Malware authors have in the past created desktop malware that used Twitter for its command-and-control infrastructure, and other services such as Dropbox, GitHub, Baidu, or Google Docs have also been abused for the same purpose.

"In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks," says Lukáš Štefanko, malware researcher for ESET, the man who discovered the botnet.

A particular feature of the Twitoor botnet is that the operator can, at any time, use the current Twitter C&C account to hand the botnet's control over to a new account.

This allows crooks to evade detection by constantly switching from one account to another. Taking down the botnet's C&C accounts is impossible without a coordinated effort from Twitter's staff.
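As an added illustration of the behaviour described above, the trojan polling a Twitter account at set intervals and the operator switching to a new account, here is a defender-side heuristic. It is not ESET's code and not part of the original article; the log format, the host, the API paths and the account names are all constructed for the example. It groups requests to the Twitter API per device, flags near-fixed-interval polling, and lists the accounts that device polled, so an account switch shows up as a second name in the list.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log: "<ISO timestamp> <device> <host> <path?query>".
# phone-1 polls user timelines every ~5 minutes and switches account mid-way;
# phone-2 is an ordinary client refreshing its home timeline irregularly.
SAMPLE_LOG = """\
2016-08-25T04:00:00Z phone-1 api.twitter.com /1.1/statuses/user_timeline.json?screen_name=acct_one
2016-08-25T04:00:13Z phone-1 cdn.example.net /img/logo.png
2016-08-25T04:05:00Z phone-1 api.twitter.com /1.1/statuses/user_timeline.json?screen_name=acct_one
2016-08-25T04:10:01Z phone-1 api.twitter.com /1.1/statuses/user_timeline.json?screen_name=acct_one
2016-08-25T04:15:00Z phone-1 api.twitter.com /1.1/statuses/user_timeline.json?screen_name=acct_two
2016-08-25T04:20:00Z phone-1 api.twitter.com /1.1/statuses/user_timeline.json?screen_name=acct_two
2016-08-25T04:02:10Z phone-2 api.twitter.com /1.1/statuses/home_timeline.json
2016-08-25T04:31:44Z phone-2 api.twitter.com /1.1/statuses/home_timeline.json
2016-08-25T04:39:05Z phone-2 api.twitter.com /1.1/statuses/home_timeline.json
2016-08-25T05:03:05Z phone-2 api.twitter.com /1.1/statuses/home_timeline.json
"""

def parse_log(text):
    """Parse log lines into (timestamp, device, host, polled account or None)."""
    events = []
    for line in text.splitlines():
        ts, device, host, url = line.split()
        account = parse_qs(urlsplit(url).query).get("screen_name", [None])[0]
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), device, host, account))
    return events

def find_polling(events, host="api.twitter.com", min_hits=4, max_jitter=0.1):
    """Flag devices hitting `host` at a near-fixed interval (low jitter) and
    report the sequence of accounts they polled."""
    by_device = defaultdict(list)
    for ts, device, h, account in events:
        if h == host:
            by_device[device].append((ts, account))
    findings = {}
    for device, hits in by_device.items():
        hits.sort(key=lambda h: h[0])
        if len(hits) < min_hits:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            accounts = []
            for _, account in hits:
                if account and account not in accounts:
                    accounts.append(account)
            findings[device] = {"interval_s": round(avg), "accounts": accounts}
    return findings
```

On the sample log only phone-1 is reported, with a 300-second interval and the account list ["acct_one", "acct_two"]; phone-2's irregular gaps fail the jitter check.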