Security researchers have exposed yet another instance of cybercriminals cloaking their malware activity as ordinary traffic by using legitimate cloud-based services. Trend Micro researchers have described a new piece of malware that takes its commands from memes posted on a Twitter account controlled by the attackers.
Much malware depends on communication with a command and control server to receive instructions from the attackers and perform various tasks on infected computers. Because security tools watch network traffic for known malicious IP addresses, attackers have taken to using legitimate websites and servers as infrastructure in their attacks, which makes the malicious traffic harder to distinguish from normal activity.
In this recently spotted scheme the attackers used steganography, a technique for hiding content inside a digital image in a way that is not visible to a viewer. They used it to embed malicious commands in a meme posted on Twitter, which the malware then parsed and executed.
To a human viewer the meme looks like a normal image, but the print command is hidden in the file's metadata; that command prompts the malware to send a screenshot of the infected computer to a remote command and control server.
According to the Trend Micro researchers, the Twitter account in question was created in 2017 and held only two memes, posted on October 25 and 26, both of which delivered print commands instructing the malware to take screenshots. The malware sent the screenshots to a command and control server whose address it obtained from a hard-coded Pastebin URL. Beyond taking screenshots, the malware supports a range of other commands, for instance retrieving a list of running processes, the account name of the logged-in user, filenames from particular directories on the infected machine, and a dump of the user's clipboard.
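The defender's counterpart to the scheme described above is to inspect image files for command text that has no business being there. The following is an added example, not code from the article or from Trend Micro: it builds a constructed PNG with a `tEXt` chunk (and optionally bytes appended after `IEND`), then walks the chunk structure and flags watchlisted strings. The article only says a "print" command is hidden in the image, so the `/print` token and the slash prefix are assumptions for this example.

```python
import struct
import zlib

# Constructed watchlist: the article describes a "print" command hidden in the
# meme; the leading slash is an assumption, not a value taken from the report.
COMMAND_WATCHLIST = ("/print",)

def build_png(width, height, text_chunks, trailer=b""):
    """Build a minimal valid RGB PNG with the given (keyword, value) tEXt chunks.
    Constructed sample data for this example, not a real meme."""
    def chunk(ctype, data):
        body = ctype + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # one filter byte (0 = None) followed by 3 bytes per pixel, all black
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    png = b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
    for key, value in text_chunks:
        png += chunk(b"tEXt", key + b"\x00" + value)
    png += chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")
    return png + trailer  # bytes after IEND are ignored by viewers but still readable

def scan_png(data):
    """Walk the PNG chunks and return every text-chunk value, any bytes that
    trail the IEND chunk, and which watchlisted commands appear in either place."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n"):
        raise ValueError("not a PNG")
    pos, texts, trailer = 8, [], b""
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"tEXt":
            texts.append(body.split(b"\x00", 1)[-1])
        elif ctype == b"zTXt":
            # layout: keyword, NUL, one compression-method byte, zlib-compressed text
            _, rest = body.split(b"\x00", 1)
            texts.append(zlib.decompress(rest[1:]))
        pos += 12 + length  # length field + type + data + CRC
        if ctype == b"IEND":
            trailer = data[pos:]
            break
    haystack = b"\n".join(texts) + b"\n" + trailer
    hits = sorted({c for c in COMMAND_WATCHLIST if c.encode() in haystack})
    return {"texts": texts, "trailer": trailer, "commands": hits}
```

A positive hit is a trigger for review, not proof of compromise: benign images carry text chunks too, so the useful signal is the combination of command-like text with the host process that fetched and parsed the image.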
The malware is believed to have been in an early stage of development, since the Pastebin link points to a local, private IP address. Another notable point is that the malware itself was not downloaded from Twitter, and the researchers have not yet identified the mechanism the attackers used to deliver it to victims' computers.
The good news is that the Twitter account used to deliver the malicious memes appears to have been disabled, but it remains unclear who is behind this malware and how the unknown attacker was distributing it.