A recently discovered piece of malware has a unique way of communicating with its creator—through an internet meme posted on Twitter.
The mysterious hacker has been using the "What if I told you" meme to secretly tell a Windows-based strain of malware when to grab screenshots from infected PCs, according to security firm Trend Micro.
Although the internet meme looks like an ordinary digital image, a simple command is hidden in the file's metadata, Trend Micro VP Mark Nunnikhoven says. The malware, on the other hand, has been designed to look up the hacker's Twitter account and scan image files for the secret commands.
"The messages used for this malware are very small (typically one word) meaning that they can be hidden between the metadata and actual pixel layout without changing the image itself," Nunnikhoven said in an email.
The hacker appears to have only posted two malicious memes, on Oct. 25 and 26, with the command "/print," which will order infected Windows PCs to take a screenshot. Other hidden commands the hacker could've sent through the memes include "/clip" to capture content copied to the clipboard, and "/processos" to retrieve a list of processes running on the PC.
The practice of concealing messages in non-text files such as images or video is called steganography, and it's become an effective way for hackers to sneak malicious code onto people's computers or send hidden commands over the open web.
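For defenders, the hiding place described above can be checked directly. The Python below is an added example, not code from Trend Micro or the original article: it walks a JPEG's segments and flags the slash commands named above when they appear in text-bearing metadata segments or, going a step beyond the article's case, in bytes appended after the end-of-image marker. It assumes the carrier is a JPEG; the function names and sample bytes are constructed for illustration.

```python
COMMANDS = (b"/print", b"/clip", b"/processos")      # tokens quoted in the article
NOT_MARKER = {0x00, 0xFF} | set(range(0xD0, 0xD8))   # byte stuffing, fill, RSTn

def jpeg_segments(data):
    """Yield (marker, payload) per segment, then ('trailer', bytes after EOI)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                 # EOI: everything after it is appended
            yield "trailer", data[pos + 2:]
            return
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:                 # SOS: skip the entropy-coded pixels
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in NOT_MARKER):
                pos += 1

def find_hidden_commands(data):
    """Return sorted (location, command) hits outside the pixel data."""
    hits = set()
    for marker, payload in jpeg_segments(data):
        if marker == "trailer":
            where = "trailer"
        elif marker == 0xFE:
            where = "COM"                  # free-text comment segment
        elif 0xE0 <= marker <= 0xEF:
            where = f"APP{marker - 0xE0}"  # JFIF, EXIF, XMP and similar
        else:
            continue                       # tables and frame/scan headers
        lowered = payload.lower()
        hits.update((where, c.decode()) for c in COMMANDS if c in lowered)
    return sorted(hits)

def make_segment(marker, payload):
    """Helper for the constructed samples: frame a payload as a JPEG segment."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed samples: valid JPEG framing only, not decodable pictures.
SOS = make_segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
SAMPLE = (b"\xff\xd8" + make_segment(0xE0, b"JFIF\x00") + make_segment(0xFE, b"/print")
          + SOS + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9" + b"PK\x03\x04 /clip")
CLEAN = b"\xff\xd8" + make_segment(0xE0, b"JFIF\x00") + SOS + b"\x12\x34\xff\xd9"

if __name__ == "__main__":
    print(find_hidden_commands(SAMPLE), find_hidden_commands(CLEAN))
```

A plain substring match will also fire on benign text such as file paths, so treat hits as triage leads rather than verdicts.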
"Most networking monitoring programs won't notice anything odd about access to Twitter.com," Nunnikhoven added. "A site that's based around a timeline like Twitter also allows the attacker to sequence commands for the malware. This can be an effective way of building a solid command and control channel."
The good news is that Twitter has disabled the hacker's account on its platform. But it isn't clear how the mysterious attacker was circulating the malware, a Trojanized .exe file.
In response to Trend Micro's findings, Twitter told PCMag: "Keeping people safe and secure on Twitter is our top priority. If content on Twitter is used for malicious purposes, we take action and remove it. Twitter plays no part in the distribution of the malware involved in this campaign."
However, the company didn't address questions over what Twitter can do to stop similar meme-based malware schemes in the future. Meanwhile, others have shown you can cram a whole lot of data, including ZIP archives, inside an image on Twitter, raising the possibility that hackers could employ the same tactic again.