There are about 3,000 websites that are blocked in mainland China under the country’s policy of Internet censorship and Twitter is among those listed in the blocked category. However, there are many who still are a part of the social networking platform. Users in China simply use other versions of Twitter to remain engaged.
Security researchers at Avast discovered a malware in one such variant of the app in China. The malware called ‘Dual Instance’ is being used to steal users’ Twitter credentials and upload them to an online server.
‘While Dual Instance malware successfully captures users’ login identity and password, it prints them out to Android logcat. This log output is used to feed the uploader. The uploader loops to monitor the log with a specific tag, which is ‘twittre’. Once it finds input, it parses the log content to get the identifier and password fields,’ Avast posted on their official blog.
According to the security company the app makes use of the official ‘Twitter’ name and includes something known as the VirtualCore, an open-source framework that allows developers to create small virtual machines in which other Android apps work.
‘Stealing account information is common for malware. However, the manner through which Dual Instance malware induces and steals from users is brand new,’ Avast added towards the end of their blog.
The reports of Dual Instance malware spread are only limited to China for now.
