Security researchers have discovered malicious memes being used to communicate with malware.
Malicious actors have long concealed a malicious payload inside an image to evade security controls. The latest instance applies the same technique to memes.
An excerpt of the threat as described by Trend Micro:
“The malware authors have posted two tweets featuring malicious memes on October 25 and 26 via a Twitter account created in 2017. The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already-placed malware. It should be noted that the malware was not downloaded from Twitter and that we did not observe what specific mechanism was used to deliver the malware to its victims.”
Trend Micro also said the malware’s commands are received via a legitimate service or social networking platform (such as Twitter), which makes the operation harder to take down until the malicious Twitter account is disabled. Trend Micro also noted that Twitter took the malicious account offline last week, on the 13th of December.
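The page does not say how the command is embedded in each meme, so this added example (not Trend Micro's or the malware's code) assumes the simplest cases a defender would check first: a command appended after the PNG IEND chunk, or placed in an uncompressed text metadata chunk. It walks the PNG chunk structure of a downloaded image and flags slash-prefixed tokens, matching them against the two command names the page mentions; the sample images are constructed here, not taken from the campaign.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = (b"tEXt", b"iTXt")             # uncompressed metadata chunks
COMMAND_RE = re.compile(rb"/[a-z]{3,16}")    # slash-prefixed tokens like /print
KNOWN_COMMANDS = {b"/print", b"/processos"}  # the two commands the page names

def parse_png(data: bytes):
    """Walk PNG chunks; return (chunks, offset just past the IEND chunk)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    chunks, pos = [], len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunks.append((ctype, data[pos + 8:pos + 8 + length]))
        pos += 12 + length                   # length + type + body + CRC
        if ctype == b"IEND":
            break
    return chunks, pos

def find_hidden_commands(data: bytes) -> dict:
    """Report command-like tokens found in text chunks or in bytes after IEND."""
    chunks, end = parse_png(data)
    trailing = data[end:]                    # a well-formed PNG has nothing after IEND
    regions = [(ctype.decode(), body) for ctype, body in chunks if ctype in TEXT_CHUNKS]
    if trailing:
        regions.append(("after IEND", trailing))
    hits = [(where, tok.decode()) for where, blob in regions for tok in COMMAND_RE.findall(blob)]
    return {
        "trailing_bytes": len(trailing),
        "commands": hits,
        "known": sorted({tok for _, tok in hits if tok.encode() in KNOWN_COMMANDS}),
    }

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only for the constructed samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed 1x1 PNG samples; the embedded commands are placed here for demonstration.
_IHDR = _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
_IDAT = _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
SAMPLE_CLEAN = PNG_SIG + _IHDR + _IDAT + _chunk(b"IEND", b"")
SAMPLE_APPENDED = SAMPLE_CLEAN + b"/processos"      # command hidden after IEND
SAMPLE_TEXT = PNG_SIG + _IHDR + _chunk(b"tEXt", b"Comment\x00/print") + _IDAT + _chunk(b"IEND", b"")

if __name__ == "__main__":
    for name, img in [("clean", SAMPLE_CLEAN), ("appended", SAMPLE_APPENDED), ("text", SAMPLE_TEXT)]:
        print(name, find_hidden_commands(img))
```

Images that hide the command inside pixel data would pass this check; it catches only the two placements named in the lead-in.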
See the full report on the malicious meme threat, which includes the malware analysis and the list of commands (such as /print and /processos) supported by the malware.