Watch out as new Matryosh DDoS botnet hits Android devices

Researchers at Netlab, part of Chinese security firm Qihoo 360, discovered a new campaign targeting Android devices by co-opting them into a botnet with the sole aim of carrying out DDoS (distributed denial of service) attacks.


Netlab is the networking security division of Qihoo 360. The fledgling malware has been dubbed Matryosh, and the campaign was discovered this week. It is currently affecting Android devices only.



“Matryosh has no integrated scanning, vulnerability exploitation modules, the main function is DDoS attack, it supports tcpraw, icmpecho, udpplain attacks,” Netlab researchers wrote.


Matryosh Reusing Mirai Botnet Framework


According to Netlab researchers, the Matryosh DDoS botnet reuses the Mirai botnet framework. It propagates via exposed ADB (Android Debug Bridge) interfaces, infecting and ensnaring Android devices to enlarge its army of bots.




It is worth noting that ADB is a command-line tool of the Android SDK. It is responsible for handling communications and letting developers install and debug applications on Android devices. This option is disabled by default on the majority of smartphones and tablets.


However, some vendors ship phones with this feature activated. Because of this, unauthorized attackers can remotely connect to the device through TCP port 5555 and exploit it.
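To find devices in your own fleet that are in this state, the ADB settings can be read from each device's system properties. The following is an added example, not code from Netlab or the original article: it audits `getprop` output collected from each device (for instance over USB), the device names and property dumps are constructed, and the property precedence shown is an assumption based on how the Android ADB daemon reads `service.adb.tcp.port`, `persist.adb.tcp.port` and `ro.adb.secure`.

```python
import re

# One line of `adb shell getprop` output looks like: [key]: [value]
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(text):
    """Turn getprop output into a dict of property name -> value."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def adb_tcp_port(props):
    """Return the TCP port adbd is configured to listen on, or None."""
    # Assumption: adbd uses the first non-empty of these two properties
    # and only listens on TCP when the value is a positive integer.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        value = props.get(key, "").strip()
        if value:
            try:
                port = int(value)
            except ValueError:
                return None
            return port if port > 0 else None
    return None

def audit(name, getprop_text):
    """Classify one device as ok / warning / critical with a reason."""
    props = parse_getprop(getprop_text)
    port = adb_tcp_port(props)
    if port is None:
        return (name, "ok", "ADB over TCP not configured")
    if props.get("ro.adb.secure") != "1":
        return (name, "critical", f"ADB on TCP {port} without key authentication")
    return (name, "warning", f"ADB on TCP {port}, host key authorization required")

# Constructed sample dumps (not taken from real devices).
SAMPLES = {
    "tv-box-01": "[ro.adb.secure]: [0]\n[service.adb.tcp.port]: [5555]\n",
    "tablet-07": "[ro.adb.secure]: [1]\n[persist.adb.tcp.port]: [5555]\n",
    "phone-12": "[ro.adb.secure]: [1]\n[ro.product.model]: [Example]\n",
}

if __name__ == "__main__":
    for device, dump in SAMPLES.items():
        print(*audit(device, dump), sep=" | ")
```

Devices reported as `critical` should have ADB over TCP switched off or be kept off untrusted networks; `warning` devices still listen on the network but require an authorized host key.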


Matryosh Uses Tor ..
