Security News > 2021 > February > Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks.
Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagating through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare them into its network.
ADB is a command-line tool, part of the Android SDK, that handles communications and allows developers to install and debug apps on Android devices.
This is not the first time a botnet has taken advantage of ADB to infect vulnerable devices.
In July 2018, open ADB ports were used to spread multiple Satori botnet variants, including Fbot, and a year later, a new cryptocurrency-mining botnet malware was discovered, making inroads using the same interface to target Android device users in Korea, Taiwan, Hong Kong, and China.
Netlab researchers said the emerging botnet's command format and its use of TOR C2 are highly similar to those of another botnet called LeetHozer, which is developed by the Moobot group.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/LEHqsAWNTWI/beware-new-matryosh-ddos-botnet.html