
Ares Botnet

By GoldSparrow in Botnets

Building botnets has long been a widespread practice in the world of cybercrime. However, as more and more devices become 'smart' and thus connected to the Internet, a new niche for exploitation has opened up, and cyber crooks around the world have not failed to notice. This has led to the creation of botnets that consist exclusively of IoT (Internet-of-Things) devices. These devices are particularly vulnerable to cyber attacks, as they often lack any security measures or have only very weak ones in place. Among the most recently detected IoT botnets is the Ares Botnet. Its creators appear to have been wildly successful, as this botnet's activity makes up more than 11% of all IoT botnet activity globally.

Can Use Brute-Force to Get Login Credentials

The creators of the Ares Botnet propagate their malware by scanning the Internet for vulnerable STBs (set-top boxes) that run a simpler variant of the Android OS. The IoT device must also have the 'Android Debug Bridge' enabled for the Ares Botnet malware to infiltrate it successfully. Since set-top boxes often use very basic, lightweight versions of Android, their authors often leave the Android Debug Bridge feature enabled, and in many cases it might not even be password-protected. The attackers scan the Web for set-top boxes with this feature enabled by looking for accessible services on port 5555 (used by Android Debug Bridge) and for specific Android versions. Even if the system is password-protected, this botnet is capable of brute-force attacks that attempt to log in using the most popular passwords and admin names.

Used for Mining Cryptocurrency and Potentially Launching DDoS Attacks

If the Ares Botnet successfully adds a device to its network, it can hijack that device to scan for more vulnerable STB devices and help propagate the threat to them. It appears that the attackers are mainly using the hijacked devices to mine cryptocurrencies. However, such a large botnet is also capable of carrying out very potent DDoS (Distributed-Denial-of-Service) attacks.

Even if your smart device has become a victim of the Ares Botnet, you may never realize it, as the infection is likely to have no effect on the device's performance. We advise you to set longer, more difficult-to-crack passwords on all your smart devices to protect them from cyber crooks seeking to exploit them for their own benefit.
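
One way to look for the behaviour described above from the network side, as an added example that is not part of the original article: since a hijacked box may show no symptoms but scans for other devices on port 5555, the script flags LAN hosts that contact many distinct outside addresses on that port, and LAN hosts that accepted a connection on 5555 from outside. The log format, the LAN range and the threshold of 5 are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555        # port the article names for Android Debug Bridge
FANOUT_THRESHOLD = 5   # assumed: distinct outside targets before flagging
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Constructed flow records: time src dst dst_port proto action
SAMPLE_LOG = """\
10:00:01 198.51.100.7 192.168.1.50 5555 TCP ALLOW
10:00:02 198.51.100.7 192.168.1.60 5555 TCP DENY
10:05:10 192.168.1.50 203.0.113.1 5555 TCP ALLOW
10:05:10 192.168.1.50 203.0.113.2 5555 TCP ALLOW
10:05:11 192.168.1.50 203.0.113.3 5555 TCP ALLOW
10:05:11 192.168.1.50 203.0.113.4 5555 TCP ALLOW
10:05:12 192.168.1.50 203.0.113.5 5555 TCP ALLOW
10:05:12 192.168.1.50 203.0.113.5 5555 TCP ALLOW
10:06:00 192.168.1.20 203.0.113.9 5555 TCP ALLOW
10:06:01 192.168.1.20 203.0.113.9 443 TCP ALLOW
10:06:02 truncated record
"""

def parse(line):
    """Return (src, dst, port, proto, action) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].upper(), parts[5].upper())
    except ValueError:
        return None

def analyze(log_text, local_net=LOCAL_NET, threshold=FANOUT_THRESHOLD):
    fanout = defaultdict(set)  # LAN host -> outside hosts it tried on 5555
    exposed = set()            # LAN hosts that accepted 5555 from outside
    for rec in filter(None, map(parse, log_text.splitlines())):
        src, dst, port, proto, action = rec
        if port != ADB_PORT or proto != "TCP":
            continue
        if src in local_net and dst not in local_net:
            fanout[src].add(dst)   # a set, so repeat attempts count once
        elif src not in local_net and dst in local_net and action == "ALLOW":
            exposed.add(dst)
    return {
        "suspected_scanners": {str(h): len(t) for h, t in fanout.items()
                               if len(t) >= threshold},
        "exposed_adb": sorted(str(h) for h in exposed),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A host listed under `exposed_adb` should have Android Debug Bridge disabled or port 5555 blocked at the router; a host listed under `suspected_scanners` warrants a factory reset and a check of its debug settings.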

