"Malicious Memes", how a new type of malware is taking advantage of hidden code in Twitter images

Trend Micro security researchers have identified a new threat that they have called "malicious memes." Basically, it's a new type of malware that receives its code instructions hidden in memes posted on Twitter.



The cybercriminals behind it use an old technique, steganography, to hide malicious code in images and evade security controls. The novelty here is that they apply the technique to images shared on the social network.

The malware itself is not downloaded from Twitter, and the mechanism used to infect users, where it comes from and the intentions behind it have not yet been identified. It is a remote access Trojan that, once it infects a computer, can take screenshots and steal other system data, which it then sends to its control server.

It seems to be an experiment

The authors of the malware identified by Trend Micro published two tweets with malicious memes last October through a Twitter account created in 2017. The memes contained an embedded command that the malware analyzes once it is downloaded to the victim's computer.

[Image: screenshot of the Twitter account with malicious memes. Source: Trend Micro]

The interesting thing about all this is that the malware uses Twitter as a channel to communicate with its control server. For example, two tweets contained "/print" commands in the images that told the malware to take a screenshot of the infected computer.

The memes could also contain commands to steal the contents of the computer's clipboard, list file names in specific folders, or obtain a list of all the apps and processes running on the system.
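For defenders, one triage check on images pulled from proxy caches or endpoints is to look for data that sits outside the image structure. The following is an added example, not code from Trend Micro or from the malware: it walks a JPEG's markers, returns any bytes after the end-of-image marker, and flags slash-prefixed tokens such as the "/print" command mentioned above. It assumes the hidden data is appended after the image, which the article does not state; data hidden inside pixel values would not be caught by this check.

```python
import re

STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))  # markers with no length field
COMMAND_RE = re.compile(rb"/[a-z]{3,16}\b")          # slash-prefixed token, e.g. "/print"

def jpeg_trailing_bytes(data: bytes) -> bytes:
    """Walk the JPEG marker structure and return whatever follows EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:            # fill byte in front of a marker
            i += 1
        elif marker == 0xD9:          # EOI: structural end of the image
            return data[i + 2:]
        elif marker in STANDALONE:
            i += 2
        else:
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
            if marker == 0xDA:        # SOS: skip the entropy-coded scan data
                while i + 1 < len(data):
                    nxt = data[i + 1]
                    # FF 00 is byte stuffing, FF D0..D7 are restart markers
                    if data[i] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                        break
                    i += 1
    raise ValueError("truncated JPEG (no EOI marker)")

def triage(data: bytes) -> dict:
    """Report the size of the trailing data and any command-like tokens in it."""
    tail = jpeg_trailing_bytes(data)
    return {"trailing_bytes": len(tail),
            "command_like": [m.decode() for m in COMMAND_RE.findall(tail)]}

# Constructed samples: a minimal marker stream (SOI, APP0, SOS, scan data, EOI),
# not a renderable picture, with and without data after the end marker.
SAMPLE_CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x04JF" + b"\xff\xda\x00\x04\x01\x02"
                + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
SAMPLE_TAGGED = SAMPLE_CLEAN + b"/print"

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE_CLEAN), ("tagged", SAMPLE_TAGGED)):
        print(name, triage(blob))
```

Trailing bytes alone are not proof of compromise, since some cameras and editors append thumbnails or metadata after the end marker, so treat a hit as a reason to inspect the file rather than as a verdict.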

There is still much to be learned before the new threat is fully understood. Researchers believe it could be a proof of concept for future attacks. The account was permanently suspended from Twitter after the Trend Micro report.
