Twitter is being used for botnet command and control (C&C) purposes, according to new research from network security firm Arbor Networks.
Writing on the firm's official blog, senior security researcher Jose Nazario said he discovered a botnet which uses a Twitter account to send out status updates containing what appears to be a single line of indecipherable text.
However, once decoded the text actually points to links where the infected botnet machines can download more malicious code.
"Basically what it does is use the status messages to send out new links to contact, then these contain new commands or executables to download and run," wrote Nazario. "It’s an infostealer operation."
The account has now been shut down by Twitter, although Nazario warned that it's "just one of what appear to be a handful of Twitter C&C accounts".
In many ways Twitter is the perfect platform from which to control botnets, as it is able to withstand requests from hundreds of thousands of PCs, and has limited scanning capabilities to check for such activity, argued Graham Cluley, senior technology consultant at Sophos.
"Because no legitimate users followed this account, no one was likely to complain and call it spam," he added. "The only PCs looking for these instructions are the infected PCs."
Cluley argued that Twitter needs to take its scanning capabilities "up to a whole new level" in order to proactively prevent such activity in its accounts.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago