November 5, 2022
Twitter meme malware

New Malware Hidden in Plain Sight on Twitter Pulls Instructions from Popular Memes

Twitter meme malware is currently making its way around the social microblog, first appearing in mid-October, a cyber-security firm reports…

Security researchers have discovered a new kind of malware which resides in memes posted to Twitter. As far as malicious code goes, this is fairly underwhelming. But, it’s the deployment method which is most interesting.

Twitter Meme Malware Discovered by Cyber-Security Researchers

The recently uncovered Twitter meme malware runs mostly like any other primitive program of its kind. It uses what’s known as RATs or Remote Access Trojans to infect vulnerable computers, pull targeted data, and sends the information back to the perpetrators.

Although, researchers remain unsure of its purpose and origins. However, it is known the program uses different commands, such as “/print,” “/clip,” “/docs,” and “/processos.”

Twitter has already pulled the suspect account offline, permanently shutting it down.

Here’s the pertinent portion from the post:

“Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this technique on memes. The malware authors have posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already- placed malware. It should be noted that the malware was not downloaded from Twitter and that we did not observe what specific mechanism was used to deliver the malware to its victims.”

William Boleys

Will is an experienced freelance writer who covers a wide range of topics, including apps, social media, and search.

View all posts by William Boleys →