ESET Expert

Better to watch Troy than have trojan malware on your Android TV


A group of malware researchers recently discovered a new trojan variant of the notorious Mirai malware botnet. The story of Mirai has been a fascinating one, to say the least. From one of the most prevalent and widely detected threats dating back to 2016 to its many variants and global reach that never truly seems to die, the Mirai botnet has evolved to hijack consumer-grade Internet of Things (IoT) devices on and off for more than seven years. The creators have since been caught; however, Mirai-based botnets remain a threat as the code lives on. It has given birth to many variants and continues to mutate, resulting in the tale at hand today.


A botnet is a large network of devices enslaved by threat actors. Botnets are mainly used for DDoS attacks and data theft, but can be misused for other malicious campaigns as well.


This new variant of the Mirai malware has been spotted infecting the inexpensive Android TV set-top boxes of millions of users. This new trojan is a new version of the “Pandora” backdoor that first appeared in 2015.


Its primary targets are budget-friendly Android TV sets, but ESET Mobile Security has been able to block it on both Android TVs and Android smartphones in over 30,000 instances since September 2023. It infects a device when the user downloads a seemingly legitimate app to stream content. These apps can be downloaded from websites dedicated to smartphones, TVs, and Fire TV Sticks.



The apps themselves promise to provide a wide range of TV shows and movies for the user to watch for free, via a trial account or with a premium account. What sets this particular type of threat apart is that its malicious functionality isn’t visible to the user, and there are virtually no signs that any malicious activity is happening on the device, or signs that the app might be malicious. Even the permissions the apps ask for don’t appear to be intrusive.




One of the reasons people tend to opt for cheaper streaming services and TV boxes may be the cost of living crisis, as well as the high prices associated with multiple mainstream streaming platforms. However, there are costs to users who try to get “a deal.” These cheaper hardware options are often manufactured quickly without much thought to their security, a trait they share with many other IoT devices. This leaves them more vulnerable to tampering, specifically the potential for firmware alterations. So, even for those who are conscious and selective about the apps that they install, the device might arrive with malware preloaded.


The importance of trusted security software

As we have established earlier, in this instance, to the naked eye, it is virtually impossible to realize whether or not a device has been infected. Furthermore, since users have no way of knowing if apps they’d like to use with their devices are malicious or not, they would have no reason to uninstall and delete them from their devices.


To avoid infection and worry, users can employ ESET Mobile Security (EMS), which is able to detect and block this and similar threats during the download process, even before installation occurs. This means that the threat never reaches the user. EMS can also be used to scan already existing apps and downloads to double-check that you haven’t bought the devil in disguise. In the case of a malicious app or download, EMS alerts users that malicious code has been detected — as seen in the picture below.



While it is always essential to stay alert, use of a security solution proves itself time and time again to be critical in combating the cyberthreats of today. It adds a layer of security, one that human vigilance cannot, and ensures you have a smooth, safe, and uninterrupted online experience.
