Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

2023-09-07 09:47

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service attacks.

Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.

In the alternative distribution methods, it's suspected that users are tricked into installing applications for streaming pirated movies and TV shows through websites that mainly single out Spanish-speaking users.

Once an app is installed, it launches a "GoMediaService" service in the background that's then used to unpack a number of files, including an interpreter that runs with elevated privileges and an installer for Pandora.

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats.

The primary targets of the campaign are cheap Android TV boxes such as Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which come with quad-core processors from Allwinner and Amlogic, making them an ideal candidate for launching DDoS attacks.

News URL

https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html

#android #botnet #cyberattack #hijacks #mirai

News URL

Related news