Android set-top boxes are under attack from a botnet: study


A study by the Internet of Things (IoT) cybersecurity firm WootCloud Labs has found a new botnet named “Ares” infecting Android devices due to a port being left exposed. Such Android set-top boxes are used for streaming media.

WootCloud has described it on its blog. The firm came upon suspicious behavior from set-top boxes (STBs) via WootCloud’s HyperContext Device Security Solution. The WootCloud team then focused its attention on investigating the infected set-top boxes.

It found that hackers had exploited and misused the Android ADB protocol, a communication component that the majority of Android devices and their associated clients use for debugging and remote management.

The Android Debug Bridge (ADB) is a crucial component present in all Android devices. ADB comprises a client, a server and a daemon named adbd. Generally, the adb server runs as a process that sets up the communication channel between the client and the daemon. In other words, adb is a management tool that clients use to trigger commands on the device running the server and adbd as background processes.

WootCloud Labs has discovered the Ares ADB botnet targeting Android-based IoT devices to trigger infections at large scale.

A set-top box is a media streaming device for your TV that runs a specialized version of Android OS. These boxes are used for streaming media from Netflix, Hulu, and even home media servers. The number of such devices using Android OS is increasing exponentially. Although this OS is popularly used in mobile devices, TVs, set-top boxes (STBs), smart watches, etc. are also running the OS. The latter is being used extensively in Internet of Things (IoT) devices.

Once the Ares bot is installed on the STBs, it launches scanners to fingerprint and detect more devices via the ADB interface, and installs attacker-specific payloads to trigger additional attacks such as crypto-mining.
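For defenders, the ADB handshake described above is easy to recognise in captured traffic. The following is an added example, not code from WootCloud or from this article: it parses the 24-byte ADB message header from the first bytes of each TCP session and reports which hosts answered as ADB daemons and which hosts are opening ADB connections to several targets. The session tuple layout, the `audit` and `adb_msg` names, the fan-out threshold and the sample capture are assumptions; port 5555 in the sample is the conventional ADB-over-TCP port, which the article does not name.

```python
import struct
from collections import defaultdict

# ADB message commands: four ASCII letters read as a little-endian uint32.
ADB_COMMANDS = {0x4E584E43: "CNXN", 0x48545541: "AUTH", 0x4E45504F: "OPEN",
                0x59414B4F: "OKAY", 0x45534C43: "CLSE", 0x45545257: "WRTE"}

def parse_adb_header(payload):
    """Return the command name if payload starts with a valid 24-byte ADB header."""
    if len(payload) < 24:
        return None
    cmd, _a0, _a1, _len, _sum, magic = struct.unpack("<6I", payload[:24])
    # The magic field must be the bitwise complement of the command.
    if cmd in ADB_COMMANDS and magic == cmd ^ 0xFFFFFFFF:
        return ADB_COMMANDS[cmd]
    return None

def audit(sessions, fanout=3):
    """sessions: (src, dst, dport, first client bytes, first server bytes)."""
    listeners, targets = {}, defaultdict(set)
    for src, dst, dport, c2s, s2c in sessions:
        if parse_adb_header(c2s) != "CNXN":
            continue                      # not an ADB connection attempt
        targets[src].add(dst)
        reply = parse_adb_header(s2c)
        if reply == "CNXN":               # daemon accepted with no key check
            listeners[(dst, dport)] = "unauthenticated"
        elif reply == "AUTH":             # daemon demanded a signed token
            listeners[(dst, dport)] = "auth-required"
    # A source opening ADB sessions to many hosts matches the scanning behaviour.
    scanners = {s for s, d in targets.items() if len(d) >= fanout}
    return listeners, scanners

def adb_msg(cmd, arg0=0, arg1=0, data=b""):
    """Build an ADB message (used only to construct the sample capture)."""
    head = struct.pack("<6I", cmd, arg0, arg1, len(data),
                       sum(data) & 0xFFFFFFFF, cmd ^ 0xFFFFFFFF)
    return head + data

# Constructed sample capture; all addresses and payloads are made up.
HELLO = adb_msg(0x4E584E43, 0x01000000, 4096, b"host::\x00")
SAMPLE = [
    ("192.168.1.50", "192.168.1.60", 5555, HELLO,
     adb_msg(0x4E584E43, 0x01000000, 4096, b"device::\x00")),
    ("192.168.1.50", "192.168.1.61", 5555, HELLO, adb_msg(0x48545541, 1, 0, b"\x00" * 20)),
    ("192.168.1.50", "192.168.1.62", 5555, HELLO, b""),
    ("192.168.1.20", "192.168.1.60", 8080, b"GET / HTTP/1.1\r\n\r\n", b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A device listed as `unauthenticated` should have network debugging disabled or be firewalled from untrusted networks; a host in the scanner set warrants investigation as a possibly infected device.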

To read about the tech stuff, click here.

Image by cdu445 from Pixabay

