A new threat to Android devices, named android[.]pandora, has been identified. It compromises devices when pirated video content is installed or during firmware updates.
This malware is a variant of the Mirai Trojan, which has been used to infect smart devices and use the resulting network of remotely controlled bots, or “zombies”, to launch DDoS attacks.
Doctor Web has identified this malware as Android.Pandora.10, described its capabilities, and shared a detailed report on its official page.
This malware targets users of lower-priced Android TV-based devices, especially users of the Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3.
pandoraspearrk – identified in the virus database as the Android[.]Pandora[.]2 backdoor and used to perform DDoS.
supervisord – monitors the status of the pandoraspearrk executable and restarts the backdoor if it is terminated.
s.conf – stores the settings for supervisord.
Command-line utilities named busybox and curl are also included for networking and file system operations.
This malware can be installed as part of a firmware update available for download in several places as Android Open Source Project test keys.
Source: Cybersecurity News