
"Hunt.io detailed the discovery of xlabs_v1 after identifying an exposed directory on a Netherlands-hosted server, allowing access without authentication. The malware targets devices running ADB on TCP port 5555, making Android TV boxes and smart TVs potential victims."
"The botnet supports 21 flood variants across TCP, UDP, and raw protocols, including RakNet and OpenVPN-shaped UDP, which can bypass consumer-grade DDoS protection. It is offered as a DDoS-for-hire service specifically designed for targeting game servers and Minecraft hosts."
"The bot is statically-linked ARMv7, runs on stripped Android firmwares, and is delivered through ADB-shell pastes into /data/local/tmp. The operator's payload list is tailored for Android TV boxes, set-top boxes, and IoT-grade ARM hardware with ADB enabled."
The xlabs_v1 botnet targets internet-exposed devices running Android Debug Bridge (ADB) to conduct distributed denial-of-service (DDoS) attacks. It supports 21 flood variants across various protocols and is marketed as a DDoS-for-hire service aimed at game servers. The botnet specifically seeks Android devices with ADB enabled, including Android TV boxes and smart TVs. It operates through a command panel and is designed to generate significant junk traffic on demand, with evidence suggesting a bandwidth-tiered pricing model for its services.
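A defender-side check for the exposure described above, as an added example that is not from Hunt.io or The Hacker News: it reads flow records and lists internal devices that completed an inbound ADB session on TCP port 5555 from an outside address. The CSV schema, the `state` values, the internal network ranges and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

ADB_PORT = 5555  # ADB-over-TCP port named in the report
# Assumption: the networks treated as "inside"; adjust to your site.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (hypothetical schema, not real traffic).
SAMPLE_FLOWS = """ts,proto,src,dst,dport,state
2025-01-01T10:00:00Z,tcp,198.51.100.7,192.168.1.50,5555,ESTABLISHED
2025-01-01T10:00:05Z,tcp,203.0.113.9,192.168.1.50,5555,ESTABLISHED
2025-01-01T10:01:00Z,tcp,192.168.1.10,192.168.1.50,5555,ESTABLISHED
2025-01-01T10:02:00Z,tcp,198.51.100.7,192.168.1.60,5555,SYN_BLOCKED
2025-01-01T10:03:00Z,udp,198.51.100.7,192.168.1.50,5555,ESTABLISHED
2025-01-01T10:04:00Z,tcp,198.51.100.7,192.168.1.70,443,ESTABLISHED
"""


def is_internal(addr):
    """True when addr falls inside one of the configured internal networks."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def exposed_adb_devices(flow_csv):
    """Return {device_ip: sorted external sources} for completed inbound ADB sessions."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"] != "tcp" or int(row["dport"]) != ADB_PORT:
            continue  # ADB-over-TCP only
        if row["state"] != "ESTABLISHED":
            continue  # blocked or half-open attempts are not exposure
        # Internal-to-internal ADB (a developer workstation) is ignored.
        if is_internal(row["dst"]) and not is_internal(row["src"]):
            hits[row["dst"]].add(row["src"])
    return {dev: sorted(srcs) for dev, srcs in hits.items()}


if __name__ == "__main__":
    for device, sources in exposed_adb_devices(SAMPLE_FLOWS).items():
        print(f"{device}: ADB reachable from {len(sources)} external source(s): {sources}")
```

Any device this reports should have ADB over TCP disabled or be moved behind a firewall rule that blocks inbound 5555.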
Read at The Hacker News