Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services.
Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers.
Most malware relies on communication with a command-and-control server to receive instructions from attackers and perform various tasks on infected computers.
Since security tools keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly using legitimate websites and servers as infrastructure in their attacks to make the malicious software more difficult to detect.
In the recently spotted malicious scheme, which according to the researchers is in its early stage, the hackers use steganography—a technique of hiding content within a digital image in such a way that it is invisible to an observer—to hide the malicious commands embedded in a meme posted on Twitter, which the malware then parses and executes.
Although the internet meme looks like a normal image to human eyes, the command “/print” is hidden in the file’s metadata, which then prompts the malware to send a screenshot of the infected computer to a remote command-and-control server.
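Because the command rides in the image file's metadata rather than in the pixels, a defender can check downloaded images for command-like tokens in their text fields before trusting them. The following detector is an added example, not code from Trend Micro's report; it assumes PNG text chunks (tEXt/zTXt) as the carrier, which the article does not specify, and constructs its own sample image so it runs offline. Only “/print” is taken from the article; the slash-token pattern is a constructed heuristic.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
KNOWN_COMMANDS = {"/print"}                 # the one token the article reports
COMMAND_RE = re.compile(rb"/[a-z]{3,12}\b")  # coarse heuristic (assumption); URLs can false-positive


def _chunk(ctype, data):
    """Build one PNG chunk: 4-byte length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png(text_fields):
    """Construct a minimal 1x1 RGB PNG carrying the given (keyword, text) tEXt chunks."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # width, height, depth, RGB, ...
    idat = zlib.compress(b"\x00\x00\x00\x00")             # filter byte + one black pixel
    chunks = [_chunk(b"IHDR", ihdr)]
    chunks += [_chunk(b"tEXt", key + b"\x00" + value) for key, value in text_fields]
    chunks += [_chunk(b"IDAT", idat), _chunk(b"IEND", b"")]
    return PNG_SIG + b"".join(chunks)


def iter_chunks(png):
    """Yield (type, data) for each chunk, verifying the CRC so a tampered file is rejected."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, data
        pos += 12 + length
        if ctype == b"IEND":
            break


def find_hidden_commands(png):
    """Return (chunk_type, keyword, token, is_known_command) for slash-tokens in text chunks."""
    hits = []
    for ctype, data in iter_chunks(png):
        if ctype not in (b"tEXt", b"zTXt"):
            continue
        key, _, text = data.partition(b"\x00")
        if ctype == b"zTXt":
            text = zlib.decompress(text[1:])  # skip the compression-method byte
        for m in COMMAND_RE.finditer(text):
            token = m.group().decode()
            hits.append((ctype.decode(), key.decode("latin-1"), token, token in KNOWN_COMMANDS))
    return hits
```

A non-empty result is a reason to quarantine the file and inspect the process that fetched it; an unknown slash-token warrants analyst review rather than an automatic verdict.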