View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 24, 2016

Twitter-controlled Android botnet takes over smartphones as hackers exploit social media

News: Social networks could be used increasingly in future, says ESET researcher.

By Alexander Sword

A new Android botnet has been discovered that uses Twitter instead of a command and control server.

Security company ESET discovered a malicious app which checks a Twitter account for instructions at regular intervals. ESET dubbed the Trojan ‘Twitoor’.

When launched on a device, it hides on the system and, depending on the commands it receives, it downloads malicious software such as mobile banking malware.

It could also be used in the future to distribute malware.

The app probably spreads as an SMS or via malicious URLs, according to ESET.

Command and control servers (C&C servers) are centralised computers that issue commands to a connected network of malware-infected computers which are controlled by cyber criminals and used to commit cyber crime, usually called a botnet or a zombie army.

These botnets need to receive constant up-to-date instructions. Often malicious software is identified by the fact that it is communicating with an unknown URL.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The use of a Twitter account to control Android bots instead of a C&C server has several advantages. If the account is taken down, it is easy to create a new one and transfer the account that the app is monitoring to the new one.

It also means that there is no possibility that the authorities can seize a C&C server and uncover information about the entire botnet.

Lukáš Štefanko, a malware researcher at ESET said that the use of Twitter was “pretty innovative,” and said that we should expect cyber criminals to use other social networks such as Facebook and LinkedIn to control botnets.

Stefanko added: “Twitoor serves as another example of how cybercriminals keep on innovating their business. The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”

Twitter has previously been used to control botnets on Windows in 2009. However, according to Stefanko this is the first Twitter-based Android bot malware.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.