Matryosh Botnet Uses DDoS Attack to Target Android Devices
Matryosh is the latest botnet discovered in the wild. It reuses the Mirai framework to exploit weaknesses on Android-based devices for DDoS attacks. The name Matryosh comes from Russian nesting dolls, because its encryption algorithm and its commands are nested in layers. Netlab, the network security division of Chinese security firm Qihoo 360, said it had discovered a new malware operation that is currently infecting Android devices in order to assemble a DDoS botnet, according to a ZDNet report. The botnet, Matryosh, goes after Android devices whose ADB debug interface has been left exposed on the internet. According to Netlab, Matryosh is an ADB-targeting botnet that uses the Tor network to hide its command-and-control (C2) servers. The encryption algorithm used by the botnet and the process of obtaining the C2 are nested in layers.
How Does the Matryosh Botnet Spread?
The mode of propagation is similar to that of other botnets: Matryosh uses the Android Debug Bridge (ADB) on port 5555. This port has a legitimate use for developers, but it is also used by attackers as a way in for carrying out remote attacks. Commenting on the news, Burak Agca, an engineer at Lookout, a San Francisco, Calif.-based provider of mobile security solutions, says that “the main feature of this attack is the misuse of ADB, a long-standing Android feature that’s meant to give developers a simple method to contact and remotely control a device. ADB allows anyone to connect to a device or install apps and implement commands without any authentication.”
How Does the Matryosh Botnet Work?
The group behind Matryosh is Moobot. Moobot is a fairly new botnet family based on the Mirai botnet, which only targets internet-connected devices. The malware is active on port 5555, which has been a known source of problems for Android devices over the past years, affecting not only smartphones but also smart TVs, set-top boxes, and other smart devices running Android OS. Over the last few years, malware families such as ADB.Miner, Ares, IPStorm, Fbot, and Trinity have scanned the internet for Android devices where the ADB interface has been left active, connected to vulnerable systems, and downloaded and installed malicious payloads.
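A defensive check for the exposure described above, as an added example that is not from the original article or from Netlab: it reads firewall flow records and reports internal devices that accepted a connection to TCP port 5555 from outside the network, plus outside sources that probed several devices on that port. The log format, the internal address ranges, the threshold, and the function name `audit_adb_exposure` are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555  # ADB-over-TCP port named in the article

# Assumed internal ranges; adjust to your own network plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2021-02-04T10:00:01Z 203.0.113.7 192.168.1.20 5555 ALLOW
2021-02-04T10:00:02Z 203.0.113.7 192.168.1.21 5555 DENY
2021-02-04T10:00:03Z 203.0.113.7 192.168.1.22 5555 DENY
2021-02-04T10:05:00Z 192.168.1.5 192.168.1.20 5555 ALLOW
2021-02-04T10:06:00Z 198.51.100.9 192.168.1.30 443 ALLOW
2021-02-04T10:07:00Z 198.51.100.9 192.168.1.23 5555 ALLOW
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def audit_adb_exposure(log_text, scan_threshold=3):
    """Return (exposed_devices, scanning_sources) for external ADB traffic."""
    exposed = set()                      # devices that accepted 5555 from outside
    targets_by_src = defaultdict(set)    # external source -> devices it probed
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                     # skip malformed records
        _ts, src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if port != ADB_PORT or is_internal(src_ip):
            continue                     # internal developer use is not flagged
        targets_by_src[src].add(dst)
        if action == "ALLOW":
            exposed.add(dst)             # firewall let outside traffic reach ADB
    scanners = sorted(s for s, t in targets_by_src.items()
                      if len(t) >= scan_threshold)
    return sorted(exposed), scanners

if __name__ == "__main__":
    devices, scanners = audit_adb_exposure(SAMPLE_LOG)
    print("Devices reachable on ADB from outside:", devices)
    print("Sources probing port 5555 widely:", scanners)
```

Devices reported as exposed are the ones to take off the internet or have ADB over TCP disabled on; the internal developer connection in the sample is deliberately not flagged.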