Memes posted to Twitter have been coded to talk to malware

Nothing gold can stay.

You have probably seen dank memes that really speak to you, but research shows that memes can also be made to speak to malware that has infected a computer.

A piece of malware analyzed in a report published Friday by Trend Micro responds to executable commands embedded in images posted on Twitter. Hackers used steganography to conceal the command “/print” within a specific meme in such a way that’s invisible to a casual observer, prompting the malicious software to send a screenshot to a command and control server.

The malware has to already be in place on the victim’s computer for the trick to work. Researchers said they weren’t aware of the malware’s delivery mechanism.

It’s worth noting that Twitter as a platform does not host any malicious software in this scheme. The malware, once it infects the system, downloads the image from the hacker’s Twitter account and searches it for commands. Twitter has taken the account that’s hardcoded in the malware offline, which Trend Micro says happened as of Dec. 13. The command-laced image doesn’t have to be on Twitter and in theory could be posted to less-moderated sites.


The malware itself is capable of taking more than just screenshots. It’s programmed to look for commands that can capture clipboard content, compile a list of running processes, find the system’s username or retrieve files from a predefined path.

Based on Trend Micro’s analysis, it’s possible this attack was simply in a testing phase. The malware directs the screenshots to a command and control server listed on Pastebin, but it points to a local, private IP address, “which is possibly a temporary placeholder used by the attackers.” As such, it’s not clear what the grand plan with this malware was or who is behind it.

The findings thankfully don’t mean that browsing the web for memes poses a danger to your computer.

Latest Podcasts