Hackers use Memes on Twitter - Sending Secret commands as Malware
By MYBRANDBOOK
A new strain of malware has been discovered that takes its instructions from code hidden in memes posted to Twitter and takes screenshots of the infected system.
How does it work?
The hacker has been using “What if I told you” meme to secretly tell a Windows-based malware when to take screenshots from infected systems.
The malware quietly infects a vulnerable computer, takes screenshots and send it back to the malware’s command and control server. He has used steganography techniques to hide the command “/print” in the image, which told the malware when to take a screenshot of a system. The malware then obtains the address where its command and control server is located and send the screenshots back to the server.
Other hidden commands the hacker could’ve sent through the memes include “/clip” to capture clipboard copied content, and “/processors” to retrieve a list of running processes over the PC.
The malware itself is relatively underwhelming: like most primitive remote access trojans (RATs), the malware quietly infects a vulnerable computer, takes screenshots and pulls other data from the affected system and sends it back to the malware’s command and control server.
Twitter has disabled the hacker's account on its platform. But it isn't clear still not how the attacker was circulating the malware, a Trojanized .exe file.
With a reference to the Comments on a blog post from Ankush Johar, Director at Infosec Ventures, a venture fund that invests in innovative cybersecurity platforms that solve big problems. Current investments include bugsbounty.com, humanfirewall.io and emailauth.io.
Attackers are always trying to find new methods to work around detection systems such as anti-viruses, intrusion detection systems and anomaly detection systems, all of which are trained to detect certain kind of pattern/anomalies suggesting malware activity.
As seen in the past, hackers have been using use popular service like Google Drive, Dropbox etc to hide malware snippets and commands as these are websites that are generally not considered suspicious and that's the same reason why hacker has chosen Twitter in this case.
This goes on to show that even having the best detection and prevention system is not enough. Protecting from an infection in the first place is what is most important. Such malware mostly spread via pirated websites and phishing attacks. Humans are the weakest link in cybersecurity and hence that's the easiest link for hackers to exploit. The security of users lies in their own hands and the only way to be secure is to be vigilant and suspicious by nature.
Users are suggested to completely avoid pirated content based websites and stay extremely cautious with emails with attachments, links or asking to download a file. Having a good antivirus always helps but not more than having an eye for detecting phishing attacks.
Farrhad Acidwalla, founder of CYBERNETIV DIGITAL - Forward Thinking Cyber Security and Research, says: 2019 is here, and the quantum of global hacks has Internet consumers unquestionably more cognizant of security and privacy issues than they were a year or two ago. Twitter knows user trust is critical and notified users as a measure of transparency. While this took a hit on their stock price, consumers need platforms to be on top of incidents where global attacks could be distributed through them. While core Twitter was not hacked, the malicious attackers used it as a distribution platform to send commands to their malware on infected devices.
Twitter did not rule out the possibility of a state-sponsored background to this suspicious activity. The security community knows it has to stay ahead of the curve with the growing sophistication of attacks world over. The bright side here is that this has come to light before reaching any known mass exploitation.
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
POLYCAB INDIA PVT. LTD.
GLOBUS INFOCOM LTD.
LAVA INTERNATIONAL LTD.
ATRIE TECHNOLOGY PVT. LTD.
Technology Icons Of India 2023: Natarajan Chandrasekaran
Natarajan Chandrasekaran is the Chairman of the Board of Tata Sons, th...
Technology Icons Of India 2023: Ashwini Vaishnaw
Ashwini Vaishnaw is an Indian politician and former IAS officer and is...
Technology Icons Of India 2023: Sunil Bharti Mittal
Sunil Bharti Mittal is the Founder and Chairman of Bharti Enterprises,...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country
IndianOil, a diversified, integrated energy major with presence in alm...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
FORTUNE MARKETING PVT. LTD.
Delhi based Fortune Marketing, An ISO 9001:2008 company, distributes ...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...