Pareto Botnet Targets Internet-of-Things Devices

Modern botnet creators rarely go after computers; instead, they look to exploit a far more widespread class of technology: Internet-of-Things (IoT) devices. In short, an IoT device is pretty much anything that is connected to the Internet and combines smart features with some sort of operating system. Typically, these devices run on Android, and this is the exact type of target that the Pareto Botnet goes after. This botnet is suspected of having reached over a million devices at the peak of its activity. The majority of devices infected by the Pareto Botnet were Android smart TVs, but the attackers probably managed to compromise thousands of other IoT devices as well.

While many botnets are used to execute distributed denial-of-service attacks, the Pareto Botnet does no such thing. It specializes in ad-fraud campaigns: it spams the infected devices with ads, which could generate massive revenue for the botnet's operator.

The payload of the Pareto Botnet was delivered to infected devices via fake applications for a wide range of TV streaming products like those running on Android, Roku OS, tvOS, Fire OS, and others. Victims were unlikely to notice anything out of the ordinary since the Pareto Botnet advertisements would simply appear over regular ads that the user would see anyway.

While the Pareto Botnet was allegedly taken down, it is likely that some of the people behind this operation will continue their campaign with another botnet. Users should protect their Android IoT devices by applying the latest security patches, using strong login credentials, and never installing apps from unknown sources.

April 23, 2021