Computer technologies

Hide 'N Seek botnet starts attacking Android devices


Researchers have found that the well-known Hide 'N Seek botnet has started attacking Android devices, adding them to its long list of targets.

Hide 'N Seek (HNS) was first noticed by information security specialists in January 2018. At that time, analysts at Bitdefender warned that the new threat was attacking IoT devices, and as early as May 2018 it became known that HNS was under active development. For example, the new versions of the malware became the first of all known IoT threats that learned to "survive" and then continue to work even after that.

Then, in July 2018, it turned out that the botnet could no longer be considered a pure IoT threat, since the malware had learned to attack vulnerable database solutions in addition to routers and DVRs. As a result, HNS became a threat to OrientDB and CouchDB, as well as AVTECH, Cisco Linksys, TP-Link, Netgear and even smart homes.

Development of HNS

Now Bitdefender specialists have discovered that HNS has acquired another new feature: the botnet has started attacking devices running Android. The new versions of the malware do not exploit any vulnerabilities in the mobile OS; instead, they compromise gadgets through the Android Debug Bridge (ADB) functionality over Wi-Fi.

ADB is usually used by developers for debugging, but many vendors leave these ports open and the functionality active, and that is what the malware uses. For example, in February this year, a major botnet was discovered that infected devices through ADB.

HNS now shows a similar modus operandi. The botnet scans the network in search of devices with open ADB ports, and, according to Shodan statistics and the researchers, about 40,000 gadgets are vulnerable to such attacks and could become potential victims of the botnet. Most of these devices are in China, Korea and Taiwan.
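The scanning behaviour described above shows up in ordinary firewall or flow logs. The following is an added example, not code from Bitdefender or from the original article: it flags internal devices that accepted ADB connections from outside and internal hosts that probe many peers on the ADB port. It assumes ADB-over-TCP's default port 5555 (not stated in the article), an internal range of 10.0.0.0/8, a hypothetical threshold, and a constructed log format.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

ADB_TCP_PORT = 5555                   # default ADB-over-TCP port (assumption, not from the article)
INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
SCAN_THRESHOLD = 3                    # hypothetical: distinct ADB targets before flagging a host

# Constructed sample flow records in the form "src dst dport action"
SAMPLE_FLOWS = """\
203.0.113.7 10.0.0.21 5555 ACCEPT
203.0.113.7 10.0.0.22 5555 DROP
10.0.0.21 10.0.0.30 5555 DROP
10.0.0.21 10.0.0.31 5555 DROP
10.0.0.21 10.0.0.32 5555 ACCEPT
10.0.0.40 10.0.0.21 443 ACCEPT
198.51.100.9 10.0.0.32 5555 ACCEPT
10.0.0.50 10.0.0.32 5555 ACCEPT
malformed line here
"""

def parse_flows(text):
    """Yield (src, dst, dport, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        try:
            yield ip_address(parts[0]), ip_address(parts[1]), int(parts[2]), parts[3]
        except ValueError:
            continue  # not a valid IP address

def audit_adb(text, threshold=SCAN_THRESHOLD):
    """Return (exposed, scanners) as sorted lists of IP strings."""
    exposed = set()              # internal devices that accepted ADB from outside
    targets = defaultdict(set)   # internal source -> distinct hosts it contacted on the ADB port
    for src, dst, dport, action in parse_flows(text):
        if dport != ADB_TCP_PORT:
            continue
        if dst in INTERNAL and src not in INTERNAL and action == "ACCEPT":
            exposed.add(str(dst))
        if src in INTERNAL:
            targets[str(src)].add(str(dst))
    scanners = {s for s, t in targets.items() if len(t) >= threshold}
    return sorted(exposed), sorted(scanners)

if __name__ == "__main__":
    exposed, scanners = audit_adb(SAMPLE_FLOWS)
    print("ADB reachable from outside:", exposed)
    print("Internal hosts sweeping the ADB port:", scanners)
```

A device that appears in both lists is the pattern to prioritise: it was reachable over ADB and then began probing its neighbours on the same port.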

Currently, Hide 'N Seek does not show any malicious activity. Although it has capabilities for data exfiltration and code execution, they are not being used. There is also no module for carrying out DDoS attacks. Experts suggest that for now HNS is still building up its numbers, and that its main efforts are aimed precisely at this.