Malicious meme, TrendMicro analysis


Your favorite Twitter memes could be hiding malware

Here's how it works.


Nahila Bonfiglio


Posted on Dec 18, 2018   Updated on May 20, 2021, 11:11 pm CDT

Cybercriminals are getting more creative.

The people over at TrendMicro, a security intelligence blog, found that hackers have been hiding malicious malware in memes posted to Twitter. The victims of this malware couldn’t resist the memes and downloaded them to their computers. From there the malware could take screenshots, retrieve filenames and usernames, and even obtain a list of processes running on the device.

According to the TrendMicro post, this type of concealed malware is nothing new. The method is used to evade security systems, and “has long been used by cybercriminals to spread malware and perform other malicious operations.” What makes this newest attempt unique is its use of Twitter as a conduit to accomplish this goal.

TrendMicro analysis

The malware’s use of Twitter lessens the chance of it being blocked by anti-malware software since it will connect back to a trusted page. A similar method was used by hackers as far back as 2009, according to Tech Crunch. The malware was created on Oct. 19, according to a VirusTotal analysis, and lasted just under two months before Twitter took down the account, which was created in 2017.

The malware is nothing complicated, according to Trend Micro, but that doesn’t lessen its ability to do damage. Once the malware is on a victim’s “machine,” it can extract one of several commands and sends the gathered information back to the hackers.

In the analysis done by researchers, two images were found to contain the /print command. This command, and others, then instruct the malicious malware to carry out a series of actions on the infected device.

TrendMicro analysis

If you don’t have any anti-malware software on your devices, at least be careful the next time a dank meme comes up on your Twitter timeline.

H/T TechCrunch

Share this article
*First Published: Dec 18, 2018, 9:47 am CST