Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices
2021-02-04 02:48

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks.

Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and propagating through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare them into its network.

ADB is a command-line tool that is part of the Android SDK; it handles communications and allows developers to install and debug apps on Android devices.

This is not the first time a botnet has taken advantage of ADB to infect vulnerable devices.

In July 2018, open ADB ports were used to spread multiple Satori botnet variants, including Fbot, and a year later, a new cryptocurrency-mining botnet malware was discovered, making inroads using the same interface to target Android device users in Korea, Taiwan, Hong Kong, and China.

Netlab researchers said the emerging botnet's command format and its use of TOR C2 are highly similar to those of another botnet called LeetHozer that's developed by the Moobot group.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/LEHqsAWNTWI/beware-new-matryosh-ddos-botnet.html