Security News > 2023 > September > Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service attacks.
Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.
In the alternative distribution methods, it's suspected that users are tricked into installing applications for streaming pirated movies and TV shows through websites that mainly single out Spanish-speaking users.
Once an app is installed, it launches a "GoMediaService" service in the background that's then used to unpack a number of files, including an interpreter that runs with elevated privileges and an installer for Pandora.
Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats.
The primary targets of the campaign are cheap Android TV boxes such as Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which come with quad-core processors from Allwinner and Amlogic, making them an ideal candidate for launching DDoS attacks.
News URL
https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html
Related news
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)