Matryosh Botnet

By GoldSparrow in Botnets

Translate To:

Infosec researchers discovered a new botnet that is still in its initial stages of being established. Named Matryosh, the botnet exploits Android devices that have the Android Debug Bridge left enabled and exposed to the Internet by the vendor. The issue involving this diagnostics and debugging interface has already been used as a compromise vector by several different malware strains through the past couple of years. Some of the threats include Trinity, ADB.Miner, Fbot, Ares and IPStorm. It also should be noted that Matryosh Botnet shares several striking similarities with two previously deployed botnets named Moobot and LeetHozer, leading researchers to the conclusion that the same attack group is responsible for all three.

What sets Matryosh Botnet apart is that its Command-and-Control (C2, C&C) server is hosted on the TOR network, making them that much harder to detect. Furthermore, the threat obtains the address of the server by performing a complex multi-layered process.

When deployed, Matryosh will be able to carry out DDoS (Distributed Denial-of-Service) attacks, which also were the primary function of the previous two botnets deployed by the hacker group. The attack can be launched via the TCP, UDP and ICMP protocols.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Matryosh Botnet

Submit Comment

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen