You've probably seen dank memes that really speak to you, but research shows that memes can also be made to speak to malware that has infected a computer.
A piece of malware analyzed in a report published Friday by Trend Micro responds to executable commands embedded in images posted on Twitter. Hackers used steganography to hide the "/ print" command in a particular meme in such a way that it is invisible to a casual observer, causing the malicious software to send a screenshot to a command and control server.
The malware must already be in place on the victim's computer for the trick to work. The researchers said they were not aware of the malware's delivery mechanism.
It is worth noting that Twitter as a platform does not host any malware in this scheme. The malware, once it has infected a system, downloads the image from the hacker's Twitter account and searches it for commands. Twitter has taken the hard-coded account offline, which Trend Micro says happened on December 1
The malware itself is capable of more than just taking screenshots. It is programmed to look for commands that can capture clipboard content, compile a list of running processes, find the system username or retrieve files from a predefined path.
Based on Trend Micro's analysis, this attack may only be in a test phase. The malware's command and control server is listed on Pastebin, but the listing points to a local, private IP address, "which may be a temporary placeholder used by attackers." As such, it is not clear what the larger plan for this malware was or who is behind it.
Fortunately, the findings do not mean that surfing the web for memes poses a threat to your computer.