ARES, a new IoT botnet is infecting Android-based set-top boxes

Ares, a new IoT in the limelight of malicious activities is now found to be infecting Android-based devices that have left a debug port exposed on the Internet.

The set-top-boxes produced by HiSilicon, Cubetek, and QezyMedia, are said to be the victims of this attack, says cyber-security firm WootCloud.

The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected on some set-top boxes installations.

Named the Android Debug Bridge, or ADB, this is a standard feature of the Android OS. It's purpose is to allow manufacturers and app developers access to the Android OS via a command-line interface. This ADB terminal can be accessed in three ways, via a wired connection, WiFi, or over a network or the internet

Manufacturers often use the ADB service to configure or run tests on Android-based devices. In most production lines, companies disable the service before shipping the device to customers.

However, in the past few years, as Android devices have become more and more popular,It is to be noted that in the past few years, many vendors fail or forget to disable this service, leaving devices exposed to remote attacks, due to ever-increasing popularity of the Android devices.