ESET discovers first-ever botnet of Android devices that is controlled via Twitter instead of C&C center
The new Android/Twitoor.A trojan can’t be found on any official Android app store; it probably spreads by SMS or via malicious URLs.
It then hides inside apps mimicking MMS viewers and porn players apps. These apps don’t deliver any working functionality and hide their presence as soon as the user installs them.
The trojan then checks a Twitter account at specific intervals for new commands. The botnet’s operator tweets out instructions, which are interpreted by the trojan and converted into a malicious action.
A particular feature of the Twitoor botnet is that the Twitter C&C accounts can at any time switch the botnet’s control to a new account.
▻http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered
“In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks”, states ESET’s researcher.