TTPwire Vol. 1 · MITRE ATT&CK·Tagged


GBHackers

Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers

Mayura Kathir · 2 days ago

ATT&CK techniques detected

3 predictions
T1584.005 Botnet (87%)
"including a raknet-specific variant tuned for minecraft’s protocol and a udp mode that mimics openvpn traffic to slip past basic filters. researchers also observed the operator exposing the bot binary on tcp port 25565, the default port used by minecraft servers, further conf…"

T1584.005 Botnet (82%)
"_v1 botnet spreads by scanning the internet for devices that expose adb on tcp port 5555, a legacy mode that grants shell access without a password on many insecure builds. after execution, the malware drops itself into android’s data/local/tmp path and immediately tries t…"

T1584.005 Botnet (79%)
"unstripped debug build plus delivery scripts, which allowed a complete reconstruction of the botnet’s behavior. additional pivots through tls certificate history and open-directory captures linked multiple ips and confirmed long-term operator presence on the same hosting ra…"

Summary

New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-based hardware, the operators are quietly building a rentable DDoS-for-hire service aimed at the gaming ecosystem. […]
