Mariposa botnet attack distributed via some Google Android Phones
Today, Panda researcher Pedro Bustamante is reporting that the Mariposa botnet attack is being distributed via some mobile phones running Google’s Android operating system. When some versions of the phone are plugged into a computer via USB, a malicious file tries to execute on the PC. A quick analysis reveals that the malware is in fact a Mariposa bot client, but this time the botnet is being run by a newly discovered Dark Web group. Mariposa has a USB spreading mechanism.
The forensics on the Mariposa botnet are very interesting, with a number of stealthy elements. You can listen to details of this attack in this ‘su root’ episode of The CyberJungle. The interview covers the forensic elements of the attack in the context of the takedown last week. It appears that another group is using the same attack, with similar “stealthy elements.” Ira Victor of The CyberJungle drilled down into those elements in this interview. Su root editions are more technically in-depth special editions of The CyberJungle.
The su root episode (#116) of The CyberJungle can be downloaded from the listening options page, or streamed here:
You can read Pedro’s blog post here for more forensics.