Researcher Leverages Increased Twitter DM Size to Control Botnet with Twittor Tool
With the help of the tool, botnet operators can manage their infrastructure without exposing their activities on their Twitter page
Paul Amar, a British security researcher, has developed a tool named Twittor that uses Twitter private messages (DMs) to power botnets. A simple Python script, Twittor leverages the Twitter API and the service's option to allow anybody to message users.
With the help of Twittor, hackers can create a Twitter account, set up a Twitter app, and obtain API credentials that they feed into the Python script. The script can then be used to let the botnet's operator send out instructions to botnet slaves, or to send PMs to a main Twitter account.
Since Twitter removed the 140-character limit on DMs in August, complex instructions can be sent without having to send multiple DMs to the same bot.
With Twitter enforcing an API limit of 1,000 DMs per day, per account, criminals can control botnets with thousands of clients using only a few Twittor-powered master accounts.
This is not the first time that Twitter has been exploited to manage botnets. Softpedia reported on the activities of APT29 in July. APT29 is a group that used the HAMMERTOSS malware to set up Twitter accounts to control the activities of a botnet. In that case, the hackers specifically used public tweets.
Had Twittor been available at that moment, the group's activities would have been difficult to detect, as they would not have been public.