Android/Twitoor is a backdoor capable of downloading other malware onto an infected device. It has been active for around one month. This malicious app can’t be found on any official Android app store – it probably spreads by SMS or via malicious URLs. It impersonates a porn player app or MMS application but without having their functionality.
After launching, it hides its presence on the system and checks the defined Twitter account at regular intervals for commands. Based on received commands, it can either download malicious apps or switch the C&C Twitter account to another one.
“Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet,” says Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.