Researchers Find Malware Concealed in Twitter Memes

https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/

Security researchers at Trend Micro said they had found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

“Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes,” the company wrote in a blog post.

“The malware authors have posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already-placed malware.

“This new threat (detected as TROJAN.MSIL.BERBOMTHUM.AA) is notable because the malware’s commands are received via a legitimate service (which is also a popular social networking platform), employs the use of benign-looking yet malicious memes, and it cannot be taken down unless the malicious Twitter account is disabled. Twitter has already taken the account offline as of December 13, 2018.

“Hidden inside the memes mentioned above is the “/print” command, which enables the malware to take screenshots of the infected machine. The screenshots are sent to a C&C server whose address is obtained through a hard-coded URL on pastebin.com.”
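The chain described in the quoted post (a non-browser process pulls an image from Twitter, reads a pastebin.com page, then uploads data to a third host) can be hunted for in proxy logs. The following sketch is an added example, not code from Trend Micro or from the original article; the log schema, host names, process names and the 10-minute window are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log. Assumed schema: time,host,process,method,domain,bytes_out
SAMPLE_LOG = """\
2018-12-10T09:00:01,ws-014,chrome.exe,GET,twitter.com,512
2018-12-10T09:00:09,ws-014,chrome.exe,GET,pastebin.com,498
2018-12-10T09:05:00,ws-022,updater.exe,GET,pbs.twimg.com,310
2018-12-10T09:05:03,ws-022,updater.exe,GET,pastebin.com,290
2018-12-10T09:05:10,ws-022,updater.exe,POST,upload.example.net,184320
2018-12-10T09:07:00,ws-031,backup.exe,POST,storage.example.org,900000
2018-12-10T09:08:00,ws-040,notes.exe,GET,pastebin.com,300
2018-12-10T09:08:05,ws-040,notes.exe,POST,sync.example.com,4096
"""

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}  # name match only
SOCIAL = {"twitter.com", "pbs.twimg.com"}   # meme source (image host is an assumption)
PASTE = {"pastebin.com"}                    # where the C&C address is looked up
WINDOW = timedelta(minutes=10)              # assumed correlation window

def parse(log_text):
    for row in csv.reader(io.StringIO(log_text)):
        if row:
            ts, host, proc, method, domain, sent = row
            yield datetime.fromisoformat(ts), host, proc.lower(), method, domain.lower(), int(sent)

def recent(ts, earlier):  # any earlier timestamp within WINDOW before ts
    return any(timedelta(0) <= ts - e <= WINDOW for e in earlier)

def hunt(log_text):
    """Return sorted (host, process, upload_domain) for the fetch-fetch-upload chain."""
    per_proc = defaultdict(list)
    for ts, host, proc, method, domain, _sent in parse(log_text):
        if proc not in BROWSERS:
            per_proc[(host, proc)].append((ts, method, domain))
    findings = set()
    for (host, proc), evs in per_proc.items():
        social = [t for t, _, d in evs if d in SOCIAL]
        paste = [t for t, _, d in evs if d in PASTE]
        for ts, method, domain in evs:
            if method == "POST" and domain not in SOCIAL | PASTE \
                    and recent(ts, social) and recent(ts, paste):
                findings.add((host, proc, domain))
    return sorted(findings)

if __name__ == "__main__":
    print(*hunt(SAMPLE_LOG), sep="\n")
```

Only the `ws-022` process is reported, because it is the only non-browser process that touches both services before uploading. In production the browser allow-list should be keyed on signer and path rather than process name.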
