It is a Mirai variant, a well-known botnet that infects low-cost Android TV devices. The goal is to turn them into zombies, into a complete botnet, so they can launch DDoS attacks. These attacks are used to cause a denial of service. It may be, for example, that a web page stops working.
Android TV for DDoS attacks
Cyber criminals need infected devices to be able to launch powerful DDoS attacks. We have seen cases in which they attack surveillance cameras, computers, mobile phones… They take advantage of vulnerabilities or manage to sneak in some type of malware, thus taking control of these devices.
This time it was their turn Android TV devices. Especially, it affects those of low cost. These decoders are used by millions of people around the world. Behind this discovery is a team of researchers from Dr. Web. They indicate that it is a variant of the backdoor known as Pandora, which has been around since 2015.
They attack Android TV devices like Tanix TX6 TV Box, MX10 Pro 6K and H96 MAX X3. They have quad-core processors, so they can launch more powerful attacks and thus achieve their goal. This will put the proper functioning of the devices at risk, logically.
But how do they manage to infect these computers? they use fake firmware updates. It is important to have the devices updated, in order to avoid vulnerabilities and achieve better performance. However, you should avoid installing unofficial software, as it can compromise security.
These updates can be installed even by resellers of Android TV devices. They can also trick the victim into downloading the firmware from a fake page. In both cases, the result is an infected computer, which is going to be able to launch DDoS attacks without the owner’s knowledge.
They could also use pirated content apps. Basically, it is additional software that the victim is going to install on his device. It’s going to come with malware, so it’s going to be a major problem as soon as it gets installed. It’s not much different from how any other device gets infected.
protect yourself
What can you do to be protected? First thing, buy the devices from reliable sources. This will reduce the risk of using a device that may have been maliciously modified. We have seen that even the resellers themselves can modify the firmware before selling it.
It is also convenient that update your Android TV only from official sources. Beware of downloading the firmware from another page, without really knowing who may be behind it. That could be a major problem and it will cause your security to be seriously compromised.
On the other hand, if you are going to install applications it is important that you make sure that they are reliable. Do not install software from unknown sources, where you cannot check whether it is a scam or not. Also, check that the programs are up to date and avoid obsolete software, even if you think it is safe.
In short, as you can see, they can use your Android TV to launch DDoS attacks. It is necessary that you take preventive measures, to maximize security. This will help you reduce the risk of attacks and you can be more protected. Avoiding madware and other threats is important.