Hackers Exploit Malware Attacks Through Twitter Memes

When it is about memes, people usually download them right away on their devices to share further. Posting memes on Facebook and Twitter has become something of a trend today. But, did you ever wonder you could also download malware with these memes? Researchers have discovered some malicious Twitter memes posted on an account that Twitter has since suspended.

Malicious Twitter Memes May Trigger Malware Attacks

According to a recent report, researchers at Trend Micro have found some malicious Twitter memes that hide malware. When a victim downloads such memes, the malware reaches the victim’s device and executes code without alerting the user.

The researchers explained that the hackers exploit this trick using Steganography. In this method, the author hides a malicious payload in an image to evade cybersecurity measures. According to Trend Micro, the hackers may now exploit the same trick via Twitter memes as well.

Reportedly, they noticed an old Twitter account posting memes on October 25, 2018, and October 26, 2018. Regarding how this malware could execute, they state,

“The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already-placed malware.”

As stated, what makes the discovery significant is the reliability of the source bearing the malicious memes, that is, Twitter. Identified as TROJAN.MSIL.BERBOMTHUM.AA. Taking the malicious memes down seemed impossible without suspending the malicious Twitter account.

Explaining further about the malware, the researchers state that the images contained the “/print” command that triggers screenshots of the infected machine which ultimately reach the C&C server.

Apart from taking screenshots, the commands embedded in the image can also instruct the malware to gather system information, capture running processes and clipboard content, retrieve the username and “file names from a predefined path”.

Twitter Suspended The Suspicious Accounts

According to the researchers, Twitter has suspended the account posting these malicious memes on December 13, 2018. Nonetheless, the threat is not over since the malefactors can still exploit this technique through other Twitter accounts. They may also exploit other platforms like Facebook to spread malware.

However, what’s unique in this discovery is that the hackers have leveraged a legit platform that does not support malicious content. TechCrunch has given possible logic by stating:

“The logic goes that in using Twitter, the malware would connect to “twitter.com,” which is far less likely to be flagged or blocked by anti-malware software than a dodgy-looking server.”

Nonetheless, Trend Micro researchers confirm that the discovery requires more work to dig out the technicalities.

“It should be noted that the malware was not downloaded from Twitter and that we did not observe what specific mechanism was used to deliver the malware to its victims.”

Take your time to comment on this article.