Quote:Researchers are warning a new botnet is recycling the Mirai malware framework and is now targeting Android devices in order to launch distributed denial-of-service (DDoS) attacks.
The botnet is dubbed Matryosh (after a Matryoshka Russian nesting doll) due to many of its functions being “nested” in layers, researchers said. The botnet propagates through the Android Debug Bridge (ADB) interface.
This is a command-line utility that is included in Google’s Android software development kit (SDK). ADB allows developers to communicate with devices remotely, to execute commands and to fully control the device.
Also of note, Matryosh uses the Tor network to cloak its malicious activity and prevent command server takedowns.
“The changes at the network communication level indicates that its authors wanted to implement a mechanism to protect C2,” said researchers with 360 Netlab this week. “Doing this will bring some difficulties to static analysis or simple IOC simulator.”
Read more: https://threatpost.com/android-devices-p...ht/163680/
![[-]](https://www.geeks.fyi/images/collapse.png)
