Matryosh Malware targeting Android devices


Chinese cybersecurity firm Qihoo 360 has discovered a new malware campaign that is infecting vulnerable Android devices, turning them into bots that can be used in automated Distributed Denial of Service (DDoS) campaigns.

According to Qihoo's research, the malware, dubbed Matryosh, reuses the Mirai botnet framework to propagate through vulnerable Android Debug Bridge (ADB) interfaces and keeps its activities discreet by routing its operations through Tor.


Generally, ADB allows developers to install and debug apps on Android. When this command-line tool, part of the Android SDK, is left reachable by attackers, it gives them remote access to the device, allowing them to enrol the victimized device in a botnet.

However, on devices running Android 9 and later, ADB is switched off by default.

Therefore, OEMs are being urged to ship devices with ADB switched off by default.
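As an added defender-side example (not code from the article or from Qihoo 360's research), the script below classifies a device's ADB exposure from its system properties, separating ADB listening on a TCP port, the entry point this campaign relies on, from USB-only debugging or a stopped adbd. It assumes the standard Android properties `init.svc.adbd`, `service.adb.tcp.port` and `persist.adb.tcp.port`; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not code from the article or from Qihoo 360: classify a
# device's ADB exposure from the output of `adb shell getprop`.
# init.svc.adbd, service.adb.tcp.port and persist.adb.tcp.port are standard
# Android system properties; 5555 is ADB's usual TCP port. Samples are constructed.

# Extract one property value from getprop-style text ("[key]: [value]" per line).
prop() {
  printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Verdict: no-data | disabled | usb-only | network-exposed
adb_verdict() {
  props=$1
  [ -n "$props" ] || { echo no-data; return; }
  adbd=$(prop 'init.svc.adbd' "$props")
  port=$(prop 'service.adb.tcp.port' "$props")
  [ -n "$port" ] || port=$(prop 'persist.adb.tcp.port' "$props")
  if [ "$adbd" != "running" ]; then
    echo disabled                      # adbd not running: nothing to reach
  elif [ -n "$port" ] && [ "$port" -gt 0 ] 2>/dev/null; then
    echo network-exposed               # adbd listening on TCP: the Matryosh entry point
  else
    echo usb-only                      # adbd up, but no TCP port (-1 or unset)
  fi
}

# Audit a connected device when the adb client is installed; otherwise skip.
audit_live_device() {
  command -v adb >/dev/null 2>&1 || { echo skipped; return; }
  adb_verdict "$(adb shell getprop 2>/dev/null)"
}

# Constructed sample outputs (not captured from real devices).
SAMPLE_EXPOSED=$(cat <<'EOF'
[init.svc.adbd]: [running]
[ro.build.version.release]: [8.1.0]
[service.adb.tcp.port]: [5555]
EOF
)
SAMPLE_USB_ONLY=$(cat <<'EOF'
[init.svc.adbd]: [running]
[service.adb.tcp.port]: [-1]
EOF
)
SAMPLE_DISABLED=$(cat <<'EOF'
[init.svc.adbd]: [stopped]
[ro.build.version.release]: [10]
EOF
)
printf 'exposed sample: %s\n' "$(adb_verdict "$SAMPLE_EXPOSED")"
printf 'live device: %s\n' "$(audit_live_device)"
```

A device reporting `network-exposed` is the case the article describes; the fix on the device side is `adb usb` (or a reboot, since `service.adb.tcp.port` is not persistent) and, for fleets, shipping with debugging off as the article urges.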

Historically, this is not the first time attackers have targeted Android devices through open ADB ports.

In July 2018, cyber crooks were found installing Satori botnet variants on Google Android phones through ADB ports. That malware ran a cryptocurrency-mining campaign on the targeted devices without their owners' knowledge, affecting smartphone users in China, Korea, Hong Kong and Taiwan.

The Moobot group, which developed the Leethozer botnet, is said to be the architect of the latest Matryosh malware. The same group is also known for spreading malware to connected devices such as routers and smart TVs by exploiting zero-day vulnerabilities.