Android devices ensnared in DDoS botnet, Matryosh

Feb 4, 2021

New Matryosh botnet is targeting Android systems that have left their ADB debug interface exposed on the internet.

 

 
  

Netlab, the networking security division of Chinese security firm Qihoo 360, said it discovered this week a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet.

Named Matryosh, the botnet is going after Android devices where vendors have left a diagnostics and debugging interface known as Android Debug Bridge enabled and exposed on the internet.

Active on port 5555, this interface has been a known source of problems for Android devices for years, and not only for smartphones but also smart TVs, set-top boxes, and other smart devices running the Android OS.

Over the past few years, malware families like ADB.Miner, Ares, IPStorm, Fbot, and Trinity have scanned the internet for Android devices where the ADB interface has been left active, connected to the exposed systems, and downloaded and installed malicious payloads.
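The scan-connect-install loop described above starts with a single ADB handshake: the scanner opens TCP 5555 and sends a CNXN message, and the daemon either answers with its own CNXN banner (no key check, anyone gets a shell) or with an AUTH token challenge (adb secure mode is on). The following is an added example, not code from Netlab, ZDNet or any of the botnets named here; it implements the documented ADB wire format (24-byte header, byte-sum "checksum", command XOR 0xFFFFFFFF magic) and classifies a device's first reply so an operator can audit their own devices. The sample replies at the bottom are constructed so the classifier runs offline; the host names, product string and the `probe` helper are this example's own.

```python
import socket
import struct

# Constants from the ADB wire protocol (AOSP system/core/adb/protocol.txt).
ADB_PORT = 5555
A_CNXN = 0x4E584E43      # b"CNXN" as a little-endian uint32
A_AUTH = 0x48545541      # b"AUTH"
ADB_AUTH_TOKEN = 1       # arg0 of an AUTH message that carries a challenge
A_VERSION = 0x01000000
A_MAXDATA = 4096
HEADER_LEN = 24


def adb_checksum(payload: bytes) -> int:
    """ADB's data_check field is a plain byte sum, not a CRC."""
    return sum(payload) & 0xFFFFFFFF


def build_message(command: int, arg0: int, arg1: int, payload: bytes = b"") -> bytes:
    """Serialise one ADB message: 24-byte header followed by the payload."""
    header = struct.pack(
        "<6I", command, arg0, arg1, len(payload),
        adb_checksum(payload), command ^ 0xFFFFFFFF,
    )
    return header + payload


def parse_message(raw: bytes):
    """Validate magic, length and checksum; return (command, arg0, arg1, payload)."""
    if len(raw) < HEADER_LEN:
        raise ValueError("short ADB header")
    command, arg0, arg1, length, check, magic = struct.unpack("<6I", raw[:HEADER_LEN])
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad ADB magic")
    payload = raw[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        raise ValueError("truncated ADB payload")
    if adb_checksum(payload) != check:
        raise ValueError("ADB checksum mismatch")
    return command, arg0, arg1, payload


def classify_reply(raw: bytes) -> str:
    """Map the daemon's first reply to our CNXN onto an exposure class."""
    command, arg0, _, _payload = parse_message(raw)
    if command == A_CNXN:
        # adbd answered with its own banner (b"device::...") without asking
        # for a key: whoever can reach the port gets a shell. This is the
        # state the ADB-targeting botnets look for.
        return "unauthenticated"
    if command == A_AUTH and arg0 == ADB_AUTH_TOKEN:
        # adbd sent a random token to be signed: ro.adb.secure=1 is in effect.
        return "auth-required"
    return "unknown"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full ADB message")
        buf += chunk
    return buf


def probe(host: str, port: int = ADB_PORT, timeout: float = 5.0) -> str:
    """Connect, send CNXN, classify the reply: 'unauthenticated',
    'auth-required', 'unknown' (garbled reply) or 'closed' (no TCP/timeout)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(build_message(A_CNXN, A_VERSION, A_MAXDATA, b"host::\x00"))
            header = _recv_exact(sock, HEADER_LEN)
            length = struct.unpack("<6I", header)[3]
            return classify_reply(header + _recv_exact(sock, length))
    except OSError:
        return "closed"
    except ValueError:
        return "unknown"


# Constructed replies (not captured from a real device) so the classifier
# can be exercised without any network access.
SAMPLE_OPEN_REPLY = build_message(A_CNXN, A_VERSION, A_MAXDATA,
                                  b"device::ro.product.name=example;\x00")
SAMPLE_AUTH_REPLY = build_message(A_AUTH, ADB_AUTH_TOKEN, 0, b"\x00" * 20)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))       # e.g. python adbprobe.py 192.0.2.10
    else:
        print("open banner ->", classify_reply(SAMPLE_OPEN_REPLY))
        print("auth token  ->", classify_reply(SAMPLE_AUTH_REPLY))
```

Only run `probe` against devices you own or are authorised to test. A result of `unauthenticated` on a device that is reachable from the internet is exactly the condition this article describes; on handsets the fix is the developer-options toggle, and where a device still honours the setting `adb shell settings put global adb_enabled 0` turns debugging off, but many set-top boxes and TVs expose no such control.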

According to a report published this week, Netlab said Matryosh is the latest in this long line of ADB-targeting botnets, but one that comes with its own twist.

This uniqueness comes from the use of the Tor network to hide its command and control servers and a multi-layered process for obtaining the address of those servers, hence the botnet's name, inspired by the classic Russian matryoshka nesting dolls.

 

[Image: matryosh-structure.png (Image: Netlab)]

 

Netlab researchers, who are usually among the first to discover emerging botnets, said the botnet contains several clues suggesting it is the work of the same group that developed the Moobot botnet in 2019 and the LeetHozer botnet in 2020.

Both botnets were built and used mainly for launching DDoS attacks, which also appears to be Matryosh's primary function.

The Netlab team says they found functions in the code specific to features that will use infected devices to launch DDoS attacks via protocols like TCP, UDP, and ICMP.

 

VERY LITTLE THAT USERS CAN DO

 

As it was stated in previous articles about the “ADB issue,” there is very little that end users can do about it.

While smartphone owners can easily turn off ADB using a setting in the OS options, most other Android-based devices offer no such option.

As a result, many systems will remain vulnerable and exposed to abuse for years to come, providing botnets like Matryosh and others with a solid mass of devices they can abuse for crypto-mining, DNS hijacking, or DDoS attacks.
Source: www.zdnet.com
