The Hide and Seek IoT botnet has recently been updated by its creators to target Android devices as well. Security analysis reveals that the newly released version is even more dangerous than before. This article sums up the changes and the new damage potential.
Android Devices at Risk of Hide and Seek IoT Botnet Attacks
The Hide and Seek IoT botnet has been updated to act against Android devices. The criminal collective behind its development has been observed adding new functionality to the main engine in frequent incremental updates. The Android infections do not appear to rely on specific vulnerabilities; instead they abuse the Android Debug Bridge (ADB) option. By default this option is turned off, but in some cases users may choose to turn it on.
The new botnet samples focus on devices that have ADB enabled, either by default or by the user. When this function is enabled the device is exposed, because it opens a network port that accepts remote connections. Malicious operators have been observed performing unauthenticated login attempts against such devices, using either default passwords or brute forcing.
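As an added example that is not part of this article, the following Python script shows how a home gateway's firewall log could be checked for exactly this exposure: inbound WAN connections accepted on ADB's default TCP port (5555) and repeated attempts from one source that suggest password guessing. The log format, addresses and the `find_exposed_adb` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall lines (not from the article): syslog-style records
# from a gateway that logs each new inbound TCP connection as ACCEPT or DROP.
SAMPLE_LOG = """\
Jul 12 03:14:07 gw kernel: FW ACCEPT IN=wan SRC=203.0.113.45 DST=192.168.1.23 PROTO=TCP DPT=5555
Jul 12 03:14:09 gw kernel: FW ACCEPT IN=wan SRC=203.0.113.45 DST=192.168.1.23 PROTO=TCP DPT=5555
Jul 12 03:14:11 gw kernel: FW ACCEPT IN=wan SRC=203.0.113.45 DST=192.168.1.23 PROTO=TCP DPT=5555
Jul 12 03:15:02 gw kernel: FW ACCEPT IN=wan SRC=198.51.100.7 DST=192.168.1.40 PROTO=TCP DPT=443
Jul 12 03:16:30 gw kernel: FW DROP IN=wan SRC=198.51.100.9 DST=192.168.1.23 PROTO=TCP DPT=5555
Jul 12 03:17:00 gw kernel: FW ACCEPT IN=lan SRC=192.168.1.10 DST=192.168.1.23 PROTO=TCP DPT=5555
"""

ADB_TCP_PORT = 5555  # port adbd listens on when TCP debugging is enabled

LINE_RE = re.compile(
    r"FW (?P<action>ACCEPT|DROP) IN=(?P<iface>\S+) SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Extract action, interface, source, destination and port; None if not a FW record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def find_exposed_adb(log_text, threshold=3):
    """Return (exposed_devices, brute_force_sources).

    exposed_devices: internal addresses that accepted an ADB connection from the WAN,
    i.e. devices whose debug port is reachable from the Internet.
    brute_force_sources: {src: count} for external sources that hit the ADB port at
    least `threshold` times, a sign of repeated password guessing.
    """
    exposed = set()
    attempts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only inbound traffic from the WAN side to the ADB port is of interest here.
        if rec is None or rec["dpt"] != ADB_TCP_PORT or rec["iface"] != "wan":
            continue
        attempts[rec["src"]] += 1
        if rec["action"] == "ACCEPT":
            exposed.add(rec["dst"])
    brute = {src: n for src, n in attempts.items() if n >= threshold}
    return sorted(exposed), brute
```

Any address in `exposed_devices` is a device on which TCP debugging should be switched off or firewalled from the WAN.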
The Hide and Seek IoT botnet has been spotted adding about 40 000 devices to its arsenal; the infected devices are mostly located in China, Korea and Taiwan. Many Android devices are now part of the home infrastructure: phones, tablets, TVs and other peripherals. This is why attacks using the botnet are regarded as critical.
The attacks also lead to the conclusion that the criminal collective behind the botnet is constantly working to update its features. The vastly increased number of infected devices is evidence that the botnet is gaining momentum. Botnets are effective for launching distributed denial-of-service (DDoS) attacks, which can render sites and computer networks unavailable.
Obtaining access to the devices also means that the hackers can induce various damaging effects upon them, such as the following:
- Surveillance — The criminals behind the botnet can spy on the victims in real time and take over control of their devices, if such components are added.
- Virus Deployment — Malware infections can be carried out through the remote network intrusions. In the case of mobile devices this can include miners, Trojans, adware and similar threats.
- Information Theft — As remote access gives the criminals access to the data contained within the devices, the hackers may obtain any data stored on them.
We expect that further Hide and Seek IoT botnet intrusion attempts will be initiated in the near future.