Mirai Variant 'Pandora' Used to Hijack Android TVs

A variant of the Mirai botnet, known as Pandora, has been observed infiltrating low-cost Android-based TV sets and TV boxes to use them as part of a botnet for conducting distributed denial-of-service (DDoS) attacks.

According to researchers, these compromises likely occur either during malicious firmware updates or when users install applications for streaming pirated video content.

The analysis suggests that the malicious firmware update may have been made available for download from various websites, since it is signed with publicly available Android Open Source Project test keys. The backdoor service is embedded in the boot.img, enabling it to persist between system restarts.

Pandora Spread Through Pirated Movie Streaming Apps

In the alternative distribution method, users are suspected of being deceived into installing applications for streaming pirated movies and TV shows; these apps primarily target Spanish-speaking users. The list of apps involved includes Latino VOD (com.global.latinotvod), Tele Latino (com.spanish.latinomobile), UniTV (com.global.unitviptv), and YouCine TV (com.world.youcinetv).

Once one of these apps is installed, it initiates a background "GoMediaService" service, which is then used to unpack several files, including an interpreter with elevated privileges and an installer for Pandora.

Pandora's purpose is to establish contact with a remote server, replace the system's hosts file with a malicious variant, and receive further instructions for launching DDoS attacks via TCP and UDP protocols and opening a reverse shell.

The primary targets of this campaign are affordable Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, all of which feature quad-core processors from Allwinner and Amlogic, making them suitable for launching DDoS attacks.

To mitigate such infections, it is advisable for users to keep their devices updated and download software exclusively from trusted sources.
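A triage check built from the indicators named above, as an added example that is not from the researchers or the original article. It assumes the three inputs were collected from the device with `adb shell pm list packages`, `adb shell cat /system/etc/hosts` and `adb shell getprop ro.build.tags`; the loopback-only hosts baseline and all sample data are constructed assumptions.

```python
# Package names reported in the article as carriers of the Pandora installer.
FLAGGED_PACKAGES = {
    "com.global.latinotvod",     # Latino VOD
    "com.spanish.latinomobile",  # Tele Latino
    "com.global.unitviptv",      # UniTV
    "com.world.youcinetv",       # YouCine TV
}
# Assumption: a stock Android hosts file maps only loopback addresses.
LOOPBACK = {"127.0.0.1", "::1"}

def flagged_packages(pm_output):
    """Parse plain `pm list packages` output; return flagged names found."""
    installed = {line.strip()[len("package:"):]
                 for line in pm_output.splitlines()
                 if line.strip().startswith("package:")}
    return sorted(installed & FLAGGED_PACKAGES)

def unexpected_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that are not loopback mappings."""
    findings = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) >= 2 and fields[0] not in LOOPBACK:
            findings.extend((fields[0], name) for name in fields[1:])
    return findings

def signed_with_test_keys(build_tags):
    """True if ro.build.tags lists test-keys (a weak signal on its own)."""
    return "test-keys" in [t.strip() for t in build_tags.split(",")]

def triage(pm_output, hosts_text, build_tags):
    """Combine the three checks into one report for a single device."""
    return {
        "flagged_packages": flagged_packages(pm_output),
        "hosts_redirects": unexpected_hosts_entries(hosts_text),
        "test_keys_build": signed_with_test_keys(build_tags),
    }

# Constructed sample inputs (not captured from a real device).
SAMPLE_PM = ("package:com.android.settings\n"
             "package:com.world.youcinetv\n"
             "package:com.global.unitviptv\n")
SAMPLE_HOSTS = ("127.0.0.1 localhost\n"
                "::1 ip6-localhost\n"
                "203.0.113.10 update.example.com cdn.example.com # constructed\n")

if __name__ == "__main__":
    print(triage(SAMPLE_PM, SAMPLE_HOSTS, "test-keys"))
```

A clean result does not rule out the firmware-borne route, since the article places that backdoor in boot.img rather than in an installed app.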

September 7, 2023