First Twitter-Controlled Android Botnet, ESET Researchers Make Discovery

Next story

The first known Android malware that uses Twitter accounts was discovered today by IT security company ESET. Detected by ESET as Android/Twitoor, it’s the first malicious app using Twitter instead of a traditional command-and-control (C&C) server to infect devices.

“Using Twitter to control a botnet is an innovative step for an Android platform,” said Lukáš Štefanko, ESET Malware Researcher. “This means of hiding has remained untapped until now. In the future, however, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks.”

Android/Twitoor has been active since July, 2016. It can’t be found on any official Android app store, but likely spreads through SMS or via malicious URLs. The Trojan impersonates a porn player app or MMS application, but without the functionality. Instead, it downloads several versions of mobile banking malware.

After the Trojan launches, it hides its presence on the system and checks the defined Twitter account in regular intervals for commands. Based on received commands, it can either download malicious apps or change the C&C Twitter account to another one. Additionally, botnet operators can start distributing other malware at any time, including ransomware.

“Twitoor serves as another example of cyber criminals innovating their business. Internet users should keep on securing their activities with good security solutions for both computers and mobile devices,” said Štefanko.

Read more in the article on ESET’s security news site, WeLiveSecurity.

About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedIn, Facebook and Twitter.

1ESET has the lowest false positive track record of any vendor, according to AV-TEST and AV-Comparatives.
2Windows, Mac, Linux, Android, iOS, IBM Domino, Kerio, FreeBSD, Exchange, SharePoint Server, VMware vShield
3ESET supports 30+ languages in its software solutions, and provides support in more than 50 languages via local teams in dozens of countries around the world.