Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Twittor tool uses Twitter direct messages to control botnets

Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages. Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages. The expert has developed the Twittor tool to make life easier for botnet masters, allowing them to control their […]

Twittor tool uses Twitter direct messages to control botnets

Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages.

Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages.

The expert has developed the Twittor tool to make life easier for botnet masters, allowing them to control their malicious architectute by sending out commands via Twitter accounts.

“I mostly wanted to create a PoC after Twitter decided to remove the 140 characters limit for Direct Messages,” wrote the security researcher.

The use of Twitter as a communication channel to control a botnet is not a novelty, any botmasters use social networks such as Facebook and Twitter as C&C. This is a winner’s choice because the technique makes it hard to detect botnet activities.

The interactions with social networking sites can be easily automated and “malicious” traffic directed to social media platforms is hard to identify due to large volumes. Attackers can set up a network of fake profiles on a social network and use them to post a specific set of encrypted commands to the malware. The infected machine queries the “bootmaster” profile for new commands, summarizing a botnet a using C&C in social media is extremely resilient and allows malware to run for long periods of time.

The attackers have improved their control techniques over time. Some malicious agents, in  fact, don’t limit their activity to just interpreting messages from social networking but also receive commands hidden inside a picture posted by a profile related to the bootmaster.

Twittor tool twitter CeC server

The Twittor tool is open source and it is available on GitHub, and the researcher Amar is inviting developers to contribute to the project.

“A stealthy Python based backdoor that uses Twitter (Direct Messages) as a command and control server This project has been inspired by Gcat which does the same but using a Gmail account.” Amar  wrote.

fork the project, contribute, submit pull requests, and have fun.” 

The Twittor tool is a Python-based backdoor, the attacker just needs a Twitter account, set up a Twitter app, and get Twitter API credentials.

Among the features already implemented by the twitter tool there is the listing of active boys, execution of commands on it, refreshing of the C&C control. All via features rely on the Direct Messages.

Amar explained that Twittor tool has been inspired by gcat, another open source backdoor that exploits Gmail as a command and control server.

Pierluigi Paganini

(Security Affairs – Twittor tool, botnet)