Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices
A new Mirai-based botnet called xlabs_v1 is hijacking internet-exposed IoT devices with Android Debug Bridge (ADB) enabled to launch DDoS attacks.
A new Mirai-derived botnet, identified as xlabs_v1, has been discovered targeting internet-exposed devices that have the Android Debug Bridge (ADB) enabled. Researchers at Hunt.io identified the malware while investigating an exposed directory on a server in the Netherlands, noting that the botnet is actively enlisting devices into a network for distributed denial-of-service (DDoS) attacks [The Hacker News].
The botnet specifically scans for devices with ADB ports (typically 5555) left open to the public internet. By exploiting these misconfigurations, the malware gains control over the underlying hardware, turning IoT devices into nodes for its botnet infrastructure.
Operators of IoT devices are urged to ensure that ADB is disabled or restricted to trusted networks. Regularly updating device firmware and changing default credentials are also critical steps in preventing these devices from being co-opted into botnet swarms.
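To check whether ADB is in fact restricted to trusted networks, the sketch below (an added example, not taken from the Hunt.io research or the original article) scans firewall logs for accepted TCP connections to port 5555 from untrusted sources. The key=value log layout, the trusted ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

ADB_TCP_PORT = 5555  # ADB-over-TCP port named in the article

# Assumption: networks allowed to reach ADB; replace with your own management ranges.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]

# Constructed sample in an assumed key=value firewall log layout (documentation IP ranges).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z action=ACCEPT proto=TCP src=203.0.113.7 dst=192.168.1.20 dport=5555
2024-01-01T10:00:02Z action=ACCEPT proto=TCP src=192.168.50.4 dst=192.168.1.20 dport=5555
2024-01-01T10:00:03Z action=DROP proto=TCP src=198.51.100.9 dst=192.168.1.21 dport=5555
2024-01-01T10:00:04Z action=ACCEPT proto=TCP src=203.0.113.7 dst=192.168.1.22 dport=443
2024-01-01T10:00:05Z action=ACCEPT proto=UDP src=203.0.113.8 dst=192.168.1.20 dport=5555
2024-01-01T10:00:06Z action=ACCEPT proto=TCP src=203.0.113.99 dst=192.168.1.20 dport=5555
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def is_trusted(addr):
    """True if addr falls inside one of the trusted management networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)


def find_exposed_adb(log_text):
    """Return {device_ip: sorted untrusted sources} for accepted TCP/5555 connections."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        try:
            if (f["action"] == "ACCEPT" and f["proto"] == "TCP"
                    and int(f["dport"]) == ADB_TCP_PORT
                    and not is_trusted(f["src"])):
                exposed[f["dst"]].add(f["src"])
        except (KeyError, ValueError):
            continue  # skip lines with missing fields or unparsable ports/addresses
    return {dst: sorted(srcs) for dst, srcs in exposed.items()}


if __name__ == "__main__":
    for device, sources in find_exposed_adb(SAMPLE_LOG).items():
        print(f"{device}: ADB reachable from untrusted sources {sources}")
```

Any device this reports is accepting ADB connections from outside the trusted ranges and is a candidate for disabling ADB or tightening its firewall rule.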