Cybersecurity researchers have uncovered a new Mirai-based botnet called xlabs_v1 that is actively targeting internet-exposed devices through Android Debug Bridge (ADB). The malware is designed to hijack vulnerable IoT devices and use them for large-scale DDoS attacks.
According to researchers, the botnet mainly targets devices with ADB enabled on TCP port 5555. This includes Android TV boxes, smart TVs, set-top boxes, routers, and other IoT hardware connected to the internet. Once infected, these devices become part of a botnet controlled remotely by attackers.
The malware reportedly supports multiple attack methods across TCP and UDP protocols, allowing attackers to launch powerful distributed denial-of-service attacks against gaming servers and online services. Researchers also found that the malware can collect bandwidth information from infected devices to categorize them for different attack tiers.
Unlike traditional malware, the botnet does not heavily rely on persistence mechanisms. Instead, attackers re-infect devices repeatedly through exposed ADB services. Researchers also noted that the malware contains features designed to remove competing malware from infected devices so the attackers can fully control system resources.
Security experts warn that many IoT devices still ship with insecure default settings or exposed services, making them easy targets for Mirai-based attacks. Users are advised to disable ADB if not needed, change default credentials, update firmware regularly, and avoid exposing IoT devices directly to the internet.
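To check whether any of your own devices are reachable this way, the added example below (not from the researchers' report) reviews perimeter firewall logs for outside connections to ADB on TCP port 5555. The log format, the sample lines and the RFC 1918 internal ranges are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555  # TCP port the article names for exposed ADB
# Assumption: internal devices live in the RFC 1918 blocks. An explicit list is
# used because ipaddress.is_private also covers documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, assumed format:
# time src_ip src_port dst_ip dst_port proto action
SAMPLE_LOG = """\
2025-01-01T00:00:01Z 203.0.113.7 40112 192.168.1.50 5555 tcp ALLOW
2025-01-01T00:03:10Z 198.51.100.23 51820 192.168.1.50 5555 tcp ALLOW
2025-01-01T00:09:44Z 203.0.113.7 40377 192.168.1.50 5555 tcp ALLOW
2025-01-01T00:10:02Z 192.168.1.10 53344 192.168.1.50 5555 tcp ALLOW
2025-01-01T00:11:30Z 203.0.113.7 40401 192.168.1.60 5555 tcp DENY
2025-01-01T00:12:00Z 203.0.113.9 40999 192.168.1.50 443 tcp ALLOW
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_adb(log_text):
    """Map each internal device to external connection counts on TCP 5555."""
    findings = defaultdict(lambda: {"allowed": 0, "denied": 0, "sources": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not match the assumed format
        _, src, _, dst, dport, proto, action = fields
        try:
            if proto.lower() != "tcp" or int(dport) != ADB_PORT:
                continue
            if is_internal(src) or not is_internal(dst):
                continue  # only outside-to-inside traffic is of interest
        except ValueError:
            continue
        entry = findings[dst]
        entry["allowed" if action.upper() == "ALLOW" else "denied"] += 1
        entry["sources"].add(src)
    return dict(findings)

def exposed_devices(findings):
    """Devices where the firewall let an external ADB connection through."""
    return sorted(ip for ip, f in findings.items() if f["allowed"] > 0)
```

A device with repeated allowed connections from several outside sources matches the re-infection pattern described above and should have ADB disabled or port 5555 blocked at the perimeter.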
The incident highlights the growing cybersecurity risks associated with poorly secured smart devices and internet-connected hardware.
For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.