Android devices caught up in DDoS botnet


Netlab, the network security division of Chinese security firm Qihoo 360, has announced the discovery of new malware that turns Android devices into drones!

This botnet, named Matryosh by Netlab, finds devices whose Android Debug Bridge (adb) interface is exposed on the public internet. An adb interface exposed on the internet allows attackers to send commands to the device. The attackers use the Tor anonymity network to cover their tracks.

TCP port 5555 is the port adb commonly uses for remote connections. This does not affect only Android smartphones: many other devices running the Android OS (such as smart TVs, watches, E-ink tablets, and other Android-based devices) could be at risk. Charlie Osborne wrote for ZDNet in 2018 about vendors not disabling adb!
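As an added example (not from the original post or from Netlab's report), here is one way a defender could triage perimeter connection logs to find internal devices whose adb port was actually reached from outside. The log format, the sample lines and the internal address ranges are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

ADB_TCP_PORT = 5555  # the port the post names for remote adb connections

# Assumption: these ranges are "inside"; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: <time> <ACCEPT|DROP> TCP <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2021-02-04T10:15:02Z ACCEPT TCP 203.0.113.7:41822 -> 192.168.1.50:5555
2021-02-04T10:15:09Z ACCEPT TCP 192.168.1.20:53110 -> 192.168.1.50:5555
2021-02-04T10:16:40Z DROP TCP 198.51.100.23:60211 -> 192.168.1.60:5555
2021-02-04T10:17:05Z ACCEPT TCP 198.51.100.23:60212 -> 192.168.1.50:5555
2021-02-04T10:17:30Z ACCEPT TCP 203.0.113.7:41900 -> 192.168.1.70:443
not a log line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def exposed_adb_hosts(log_text):
    """Map internal host -> sorted external sources whose adb connection was ACCEPTed."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != ADB_TCP_PORT:
            continue  # unparseable line or a different service
        if m["action"] != "ACCEPT":
            continue  # blocked at the perimeter: probe seen, device not reached
        try:
            if is_internal(m["dst"]) and not is_internal(m["src"]):
                hits[m["dst"]].add(m["src"])
        except ValueError:
            continue  # address field matched the regex but is not a valid IP
    return {host: sorted(srcs) for host, srcs in hits.items()}

if __name__ == "__main__":
    for host, sources in exposed_adb_hosts(SAMPLE_LOG).items():
        print(f"{host}: adb reachable from {', '.join(sources)}")
```

Any host this reports should have adb over the network disabled or port 5555 blocked at the perimeter.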

I find it interesting that the malware even contains code to rename the process, in an effort to disguise/trick the user.

360 Netlab is monitoring the botnet traffic for more information...

More reading:
How to enable adb debugging on your device: https://developer.android.com/studio/command-line/adb#Enabling
Vendors are shipping Android devices with diagnostic port exposed: https://www.zdnet.com/article/vendors-are-shipping-thousands-of-android-devices-with-port-access-exposed/

Source:
ZDNet: https://www.zdnet.com/article/android-devices-ensnared-in-ddos-botnet/
Security Mag: https://www.securitymagazine.com/articles/94525-new-matryosh-botnet-targeting-android-devices

Netlab report: https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/


Android Developers: https://developer.android.com/studio/command-line/adb
Android Source: https://source.android.com/setup/build/adb

