Incidents

Not just Twitter, Jaiku too

Yesterday Arbor Networks reported that malware (which we detect as Trojan-Banker.Win32.Banker.alwa and Trojan-Banker.Win32.Banker.alwe) was using Twitter as a control system to command infected machines.

But it’s not just Twitter being used by this malware, but Jaiku as well.

You might never have heard of Jaiku, but it’s very similar to Twitter. And it’s being used in the same way, with someone sending commands encrypted in Base64 to an account:

Decrypting some lines we can see two links:

http://bit.ly/******
http://bit.ly/******

that lead to a page with more Base64 code:

This code gets downloaded by the malware, decrypted and saved as an infection component, updating the malware sitting on compromised machines.

So Brazilian cybercriminals are right on the money when it comes to finding new attack vectors; although Jaiku isn’t anywhere near as popular as Twitter, this attack shows they’re out to find as many victims as they can.

Not just Twitter, Jaiku too

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox