Researchers found out that hackers have come up with an interesting and unique way to spread a malware. They are now using internet memes for communicating with malware for various malicious operations.
A hacker has been found using the “What if I told you” meme on Twitter to grab screenshots from an infected Windows PCs, according to researchers at security firm Trend Micro.
The memes containing the malware would appear same as an ordinary digital image, but it contains commands in the file’s metadata which is hidden.
“The messages used for this malware are very small (typically one word) meaning that they can be hidden between the metadata and actual pixel layout without changing the image itself,” Nunnikhoven said in an email interview with PCMag.
The hackers used a technique called steganography, which conceals messages in nontext files such as images or video. It is one of the best methods to sneak malicious code onto someone’s computers or to spread a hidden command over the open web
“Most networking monitoring programs won’t notice anything odd about access to Twitter.com,” Nunnikhoven added. “A site that’s based around a timeline like Twitter also allows the attacker to sequence commands for the malware. This can be an effective way of building a solid command and control channel.”
However, Twitter has blocked the hacker’s account, but there could be many more accounts which might be circulating the malware, a Trojanized .exe file.
Twitter told PCMag: “Keeping people safe and secure on Twitter is our top priority. If the content on Twitter is used for malicious purposes, we take action and remove it. Twitter plays no part in the distribution of the malware involved in this campaign.”