What You Need to Know About Malware from Memes
Cybercrime is always evolving, and one hacker pushed the envelope by hiding malware in Twitter memes. Malware from memes is something new: it cropped up near the end of 2018 and remains a threat this year.
The hacker who used memes to cloak malware has lost his or her Twitter account. Suffice it to say that hiding malware in memes goes against the social media network’s Terms of Service. Unfortunately, the hacker’s actions got plenty of press and may inspire other hackers to try the same thing, at Twitter or anywhere else that memes are posted. Many hackers may soon emulate the “malware from memes” practice and use it to steal other people’s personal information.
It’s also possible that other hackers are using memes to hide malware elsewhere online, without being detected. Anyone who is concerned about data security (and everyone should be) needs to know that malware from memes is a problem that may not go away anytime soon. This article is the best place to learn about malware from memes, other current malware threats and how to protect your computer and mobile devices.
How Was the Hacking at Twitter Detected?
Researchers at Trend Micro unearthed the malware that grabbed commands via memes. The memes were displayed on a Twitter account that the hacker controlled. The vast majority of malware depends on communication with command and control servers: malware works by receiving instructions from hackers and performing an array of tasks on the computers that have been infected.
Security programs are designed to keep tabs on network traffic, with a mind to detecting shady IP addresses. Attackers know this and they are evolving their methods, by utilizing trusted servers and websites. Legit websites are used as infrastructure during attacks, to cloak the presence of malware.
Researchers describe the Twitter “malware from memes” scheme as malicious but undeveloped; it was in its early stages when it was uncovered. The hacker or hackers used a technique called steganography to cloak commands in memes. Steganography is the practice of hiding data, in this case malicious commands, inside digital image files. The commands are hidden so well that they are invisible to a casual observer.
Once commands are embedded in memes displayed on Twitter, the malware parses and then executes them. While these memes look just like any other memes, they have commands stashed within their file metadata. The Twitter malware meme contained one command, “/print”. This command prompted the malware to take a screenshot of the infected computer, which was then sent to a remote command-and-control server.
The New Malware Has A Name
After the malware cloaked inside memes was discovered, it received the name TROJAN.MSIL.BERBOMTHUM.AA. This new strain checks the hacker’s social media account, then downloads the image files posted there (memes are simply image files) and scans them to extract the hidden commands.
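As an added example (not code from the original article or from Trend Micro’s analysis), the following Python script shows how a defender could inspect a PNG image’s metadata chunks for command-like strings such as the “/print” command described above. The sample image, the “Comment” keyword and the slash-word command pattern are constructed assumptions for illustration.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumed command style from the case above: a slash followed by a word, e.g. "/print"
COMMAND_RE = re.compile(r"^/[a-z]+$")

def png_chunks(data: bytes):
    """Yield (chunk_type, chunk_body) for every chunk in a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length  # 4 length + 4 type + body + 4 CRC

def text_chunks(data: bytes):
    """Return (keyword, text) pairs from tEXt chunks, where PNG metadata usually lives."""
    out = []
    for ctype, body in png_chunks(data):
        if ctype == b"tEXt" and b"\x00" in body:
            keyword, text = body.split(b"\x00", 1)
            out.append((keyword.decode("latin-1"), text.decode("latin-1")))
    return out

def find_commands(data: bytes):
    """Return metadata text values that look like embedded bot commands (e.g. '/print')."""
    return [text for _, text in text_chunks(data) if COMMAND_RE.match(text)]

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png(comment: str) -> bytes:
    """Build a minimal 1x1 PNG with one tEXt 'Comment' chunk (constructed sample, not a real meme)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1 pixels, 8-bit RGB
    idat = zlib.compress(b"\x00\x00\x00\x00")  # filter byte + one black RGB pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00" + comment.encode("latin-1"))
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))

if __name__ == "__main__":
    for caption in ("/print", "just a funny caption"):
        print(repr(caption), "->", find_commands(make_sample_png(caption)))
```

Real malware may hide commands elsewhere in an image (other chunk types, or in the pixel data itself), so this check is a triage aid, not a complete steganography detector.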
The hacker’s account was set up during 2017 and had a couple of memes. The memes were posted on two days in late October. These memes contained the malicious commands that were sent to malware. The malware was then instructed to take the screenshots. All information about the attacker’s methods was revealed by Trend Micro.
Once the screenshots were taken, they were sent to the command and control server, whose address was retrieved from Pastebin.com via a hard-coded URL. Aside from grabbing screenshots, the malware may be instructed to perform other actions, such as grabbing the account names of logged-in users, retrieving lists of running processes, listing file names from particular directories on infected computers and grabbing dumps of the clipboard.
Trend Micro malware experts believe that this malware was in an early stage, as the link from Pastebin led to a private, local IP address, which is likely just a short-term placeholder used by the attacker or attackers.
The Malware Didn’t Come Directly From Twitter
Concerned people should note that this malware didn’t come directly from Twitter. Experts who’ve examined the situation aren’t one hundred percent sure which mechanism was utilized by the hacker or group of hackers. The mechanism chosen would have delivered the malicious software to the computers of victims.
Although the Twitter account in question has been shut down, there are still questions about who added malware to memes, and about exactly how the hacker was able to circulate the malicious software.
Why Are Hackers Weaponizing Memes?
Hackers are always looking for weaknesses that they can exploit. Memes are image files that hackers may use to achieve their goals, which might be as simple as getting away with something or as dark as spying on other human beings and/or stealing identities or money from human beings.
As anti-malware programs become more sophisticated, so do the methods of hackers. The hacking game is always escalating, and hackers try to stay one step ahead of those who would detect their malicious activities. This is why one hundred percent data security online is not possible; the game is always changing. People who enjoy memes online need to be aware that malware commands were planted in memes posted on a Twitter account, because the same thing may be happening in other places. Memes seem like harmless fun, but weaponized memes are anything but harmless.
Games Are Also Hiding Places for Malware
Even video games like Pokemon Go have been used to spread malicious software. Hackers have learned how to take advantage of the popularity of certain video games to deliver malware to the masses. So it’s not just viral memes used in “drive-by” attacks that are a risk; games are also a threat.
Most users feel that websites which display memes or host games are safe. Hackers love this, because it makes it simpler for them to load malicious software onto the smartphones, computers and other electronic devices of unwitting consumers. Cybercriminals also perform “man in the middle” attacks on video game applications, which let them control mobile devices and orchestrate attacks on computers (and on enterprises).
Hackers slide into enterprises via games or memes. Memes are getting more press right now, thanks to the Twitter debacle, but neither source of online entertainment is risk-free.
When a hacker notices that a game is getting popular, he or she can download a copy of that game and then decompile it. After that happens, the hacker may publish the game on third-party application websites or fake websites. When consumers download the game from shady websites and third-party application websites, they don’t realize that Trojans are being installed on their computers or devices. Variants of malware may also be installed.
Unfortunately for consumers, these types of malware give cybercriminals the capacity to control devices and computers remotely. They also grant the power to track and extract private data, including payment details and passwords. Attackers are able to extend their dwell time on hacked devices by letting the game apps run as they usually do, despite their malware payloads.
With memes, shady websites host the images, videos and posts that attract viewers, and the websites pass malware to visitors’ computers or devices automatically. Users don’t even need to download anything to trigger the malware. Visiting an infected website is enough to activate ransomware or malware that exploits weaknesses in browsers or operating systems.
After an attacker gains private data from victims, the hacker may access email accounts, which will offer information that makes it easier to crack other accounts. Lots of people do use the same passwords for different accounts. This makes it all too easy for hackers to get into the most sensitive accounts, such as work accounts or bank accounts.
When hackers gain access to work information, they are able to exploit and attack systems that the hacking victim uses for work purposes. Then, more malicious software may be passed on, more data may be gathered and more credentials for new systems may be stolen.
How to Protect Yourself
These types of drive-by downloads are dangerous. They may give a criminal access to your keystrokes and tons of information about you. So how do you protect yourself? First, you need to understand how it all works.
With a drive-by download, the malware is downloaded to computers, tablets or smartphones when users view Web pages that are compromised, or HTML email messages that link to such websites. The malware is installed automatically, without the user’s knowledge. The type of malware that is installed is usually referred to as a Trojan or Trojan horse.
Today’s popular Web browsers, such as Chrome and Firefox, will let users know when malicious websites are visited. So will many good anti-virus programs. However, some drive-by downloads are not caught by browsers or anti-virus programs.
To reduce the risk of a drive-by download, you need to beef up computer security. The first step is setting up user accounts so that they can’t modify the operating system or make changes to applications. Regular users of a computer should have limited permissions. Make a separate administrator account and use it only for installing, updating or deleting programs. Don’t use that account to read email or surf the Internet.
Next, be sure that updates to your operating system happen automatically. If you don’t get these updates as soon as they are available, there may be gaps in your operating system security. You should also make certain that all available firewalls are turned on. Your wireless router should also have a functional firewall.
Once you’ve followed those steps, it’s time to install a powerful anti-virus application on your computer. Make sure that it updates automatically with up-to-date malware definitions, and that it performs full-system scans regularly.
Free anti-virus programs are out there, but the ones that cost real money tend to be much more protective. They help to keep email clients and browsers uncompromised by drive-by download attacks. So, you may want to spend some money on the best program that you can find. Check reviews of anti-virus programs from industry experts. They won’t steer you wrong.
What About Your Mobile Devices?
Tablet and smartphone users must choose precautions that are a little different. If you own an Apple device, such as an iPod touch, iPad or iPhone, one important tip is to avoid jailbreaking your device. Also, make sure that system updates from Apple are installed regularly. If you own an Android, avoid installing system updates that flash onto your screen all of a sudden. Go to the Google Mobile Blog website and see whether or not the update is the real thing. You must also install security software for your Android mobile device.
Risky Websites Are Out There
It’s always fun to browse the web on a computer or smartphone, and enjoy memes and online games. The problem is, hackers are out there and they are counting on the fact that you want to waste a little time having fun.
Memes make people laugh. Games keep people occupied. Memes and games are usually harmless and very enjoyable. When memes (or games) lure unsuspecting computer and mobile device owners to websites and set the stage for drive-by downloads, it really takes the fun out of things. Your best defense is to follow the data security tips that we’ve shared today. Don’t skip a single step when it comes to beefing up security on your computer and smartphone (and any other mobile devices).
Now that researchers are aware of malware in memes, hackers are going to have to refine their methods to escape detection. While there are still unanswered questions about the Twitter “malware from memes” attack, researchers may soon come up with the answers. This is a new data security threat that will be the subject of plenty of discussion and research in 2019.