Mariposa botnet attack distributed via some Google Android Phones

Today, Panda researcher Pedro Bustamante is reporting that the Mariposa botnet attack is being distributed via some mobile phones running Google’s Android operating system. When some versions of the phone are plugged into a computer via USB, a malicious file tries to execute on the PC. A quick analysis reveals that the malware is in fact a Mariposa bot client, but this time the botnet is being run by a newly discovered Dark Web group. Mariposa has a USB spreading mechanism.

The forensics on the Mariposa botnet are very interesting, with a number of stealthy elements. You can listen to details on this attack on this ‘su root’ episode of The CyberJungle. This interview talks about the forensic elements of this attack, in the context of the takedown last week. It appears that another group is using the same attack, with similar “stealthy elements.” Ira Victor of The CyberJungle drilled down into those elements in this interview. Su root editions are more technically in-depth special editions of The CyberJungle.

The su root episode (#116) of The CyberJungle can be downloaded from the listening options page, or streamed here:

You can read Pedro’s blog post here for more forensics.

One Response to “Mariposa botnet attack distributed via some Google Android Phones”

  1. […] (You may remember that Panda Security was on top of Mariposa months ago, as we reported in this interview from the RSA Security […]
