Android devices ensnared in DDoS botnet


Level 73
Content Creator
Malware Hunter
Aug 17, 2014
Netlab, the networking security division of Chinese security firm Qihoo 360, said it discovered this week a new fledgling malware operation that is currently infecting Android devices for the purpose of assembling a DDoS botnet.

Named Matryosh, the botnet is going after Android devices where vendors have left a diagnostics and debugging interface known as Android Debug Bridge enabled and exposed on the internet.

Active on port 5555, this interface has been a known source of problems for Android devices for years, and not only for smartphones but also smart TVs, set-top boxes, and other smart devices running the Android OS.

According to a report published this week, Netlab said Matryosh is the latest in this long line of ADB-targeting botnets, but one that comes with its own twist.
This uniqueness comes from using the Tor network to hide its command and control servers and the use of a multi-layered process for obtaining the address of this server —hence the botnet's name, inspired from the classic matryoshka Russian dolls. [...]