
Ares Botnet

Posted: September 2, 2019

The Mirai Botnet has inspired dozens of cybercriminals to experiment with their own pieces of malware that target poorly secured Internet-of-Things devices. This has given birth to a myriad of other botnets that use different tricks, exploits, and techniques to infect thousands of devices and enable the malware's operator to perform various tasks. One of the recently identified botnets that target Android-compatible devices exclusively is called Ares, and it is currently responsible for over 11% of the botnet activity in the world of IoT devices.

Android Set-Top Boxes are the Devices that the Ares Botnet Favors

The Ares Botnet's authors infect devices by scanning the Web for exposed set-top boxes (STBs) that run a simplified version of Android with the 'Android Debug Bridge' (ADB) enabled. This feature is found in all Android versions, but it is usually disabled because of safety concerns; the stripped-down Android version found on the vulnerable set-top boxes, however, has it enabled. In addition, access to the Android Debug Bridge (over port 5555) is not even password-protected, so the Ares Botnet's operators have no trouble accessing it. Even if a password is present, the Ares Botnet can run a simple brute-force tool that checks for the most widely used passwords and login credentials, which has greatly increased its reach and efficiency.

The Botnet is Being Used to Mine for Cryptocurrency

Every device that the Ares Botnet successfully infects is then used to initiate additional Web scans and attacks on exposed STB devices. So far, the Ares Botnet has been used for cryptocurrency mining purposes, but its operators could deploy a Distributed Denial-of-Service (DDoS) module that can be used to take down websites and services easily.

Unfortunately, the influx of smart devices in homes means that there will be many different infection vectors that cybercriminals can use to gain illicit access to Internet-enabled devices. In the case of the Ares Botnet, users can secure their Android set-top boxes by protecting the Android Debug Bridge with a strong password or by disabling the service completely. It should be virtually impossible for the average user to spot the Ares Botnet's activity since it would not hinder the set-top box's performance in any way.
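While the infection is hard to notice on the set-top box itself, the port 5555 exposure and the follow-on scanning described above are visible in network logs. The following is an added example, not part of the original article: it reads a constructed connection log and flags both conditions; the log format, the LAN range, and the fan-out threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555                                # ADB-over-TCP port named in the article
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumption: the home network range
FANOUT_THRESHOLD = 5                           # assumption: distinct outside targets before flagging

# Constructed sample connection log: "<time> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
10:00:01 203.0.113.7 192.168.1.50 5555
10:00:09 192.168.1.20 198.51.100.9 443
10:02:11 192.168.1.50 198.51.100.1 5555
10:02:11 192.168.1.50 198.51.100.2 5555
10:02:12 192.168.1.50 198.51.100.3 5555
10:02:12 192.168.1.50 198.51.100.4 5555
10:02:13 192.168.1.50 198.51.100.5 5555
10:02:13 192.168.1.50 198.51.100.6 5555
10:03:40 192.168.1.30 198.51.100.10 5555
10:04:02 192.168.1.10 192.168.1.50 5555
garbled line
"""

def analyze(log_text, threshold=FANOUT_THRESHOLD):
    """Return (exposed, scanners): LAN hosts reached on 5555 from outside,
    and LAN hosts contacting >= threshold distinct outside hosts on 5555."""
    exposed = set()
    targets = defaultdict(set)   # LAN source -> outside destinations on 5555
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != str(ADB_PORT):
            continue             # malformed line or a different port
        try:
            src, dst = (ipaddress.ip_address(p) for p in parts[1:3])
        except ValueError:
            continue             # fields are not valid IP addresses
        if src not in LAN and dst in LAN:
            exposed.add(str(dst))            # inbound: ADB reachable from the Internet
        elif src in LAN and dst not in LAN:
            targets[str(src)].add(str(dst))  # outbound: possible propagation scan
    scanners = {s: len(d) for s, d in targets.items() if len(d) >= threshold}
    return sorted(exposed), scanners

if __name__ == "__main__":
    exposed, scanners = analyze(SAMPLE_LOG)
    print("ADB reachable from outside:", exposed)
    print("Outbound 5555 fan-out:", scanners)
```

A device that appears in both results was reachable over ADB from outside and later contacted many outside hosts on the same port, which matches the infect-then-scan behavior the article describes.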
