Les experts en sécurité de la société ESET ont découvert un nouveau botnet sous Android contrôlé par Twitter : Android/Twitoor
Android/Twitoor is a backdoor capable of downloading other malware onto an infected device. It has been active for around one month. This malicious app can’t be found on any official Android app store – it probably spreads by SMS or via malicious URLs. It impersonates a porn player app or MMS application but without having their functionality.
Mais le plus important est la manière dont ce malware prend ces ordres :
After launching, it hides its presence on the system and checks the defined Twitter account at regular intervals for commands. Based on received commands, it can either download malicious apps or switch the C&C Twitter account to another one.
C'est une première pour l'expert en sécurité Lukáš Štefanko :
Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet
et de rajouter que demain cela pourrait être via n'importe quel réseau social tel que Facebook ou LinkedIn
In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks
Source : WeLiveSecurity, le blog des experts de la société ESET
