#DrWebSecurity
https://bit.ly/3PuLHDC - Doctor Web has discovered the Android.Pandora trojans, a family that infiltrates Android devices during firmware updates or when apps for viewing pirated content are installed. This malware has evolved from the infamous Linux.Mirai trojan, renowned for its advanced DDoS-attack capabilities. #CyberSecurity #Mirai #AndroidTrojan

Notably, these trojans make alterations to the /system directory. The malware's script appends a line that ensures the trojan is initiated every time the device restarts. The main function of the detected Android.Pandora.2 backdoor is to exploit the compromised device for botnet DDoS attacks. #Malware #DDoS #SystemBreach

Primarily targeting lower-priced Android TV-based devices, models like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3 are particularly vulnerable. The origin of this trojan can be traced back to a malicious firmware update from December 2015 for the MTX HTV BOX HTV3 Android box. #AndroidTV #DeviceVulnerability

An additional infection method is through apps designed for streaming pirated movies and shows. These apps, targeting Spanish-speaking users, stealthily initiate the GoMediaService once they're activated. The service then releases multiple files, including ones that enable interaction through an open port. #StreamingApps #MaliciousApps #PiratedContent

This malware's capabilities include launching DDoS attacks, opening a reverse shell, and modifying Android TV system partitions, owing to its inherited Linux.Mirai code. This trojan's ancestors have targeted major platforms like GitHub, Twitter, and Netflix since 2016. #DDoSAttacks #MiraiLegacy

To protect against such threats, Doctor Web advises users to keep their operating systems updated and only download software from trustworthy sources. For infected devices, Dr.Web Security Space for Android can remove the Android.Pandora trojan if root access is granted. Otherwise, reinstalling a clean OS image from the device manufacturer is recommended.