The Zingbox Security Research Team identified an IoT botnet campaign targeting Android-powered devices in November and December of 2018. The perpetrators dropped different variants that set up a backdoor to give themselves remote control of the victim and expand to other hosts via known exploits or login dictionary-based attacks.
In the following report, the behavior and indicators of compromise of the malicious variants caught are presented. This in an effort to better understand the infection and post-exploitation tactics so that we can anticipate similar attacks and take protective steps proactively.
Read more in the report here.