Ares Botnet

Posted: September 2, 2019

Ares Botnet Description

The Mirai Botnet has inspired dozens of cybercriminals to experiment with their very own pieces of malware that target poorly secured Internet-of-Things devices. This has given birth to a myriad of other botnets that use different tricks, exploits, and techniques to infect thousands of devices and enable the malware's operator to perform various tasks. One of the recently identified botnets that target Android-compatible devices exclusively is called Ares, and it is responsible for over 11% of the botnet activity in the world of IoT devices currently.

Android Set-Top Boxes are the Devices that the Ares Botnet Favors

The Ares Botnet's authors infect devices by scanning the Web for exposed set-top boxes (STB) that run a simplified version of Android that has the 'Android Debug Bridge' enabled. This is a feature found in all Android versions, but it is usually disabled because of safety concerns – however, the stripped-down Android version found on the vulnerable Android set-top boxes has it enabled. In addition to this, access to the Android Debug Bridge (over port 5555) is not even password-protected so that the Ares Botnet's operators may have no trouble accessing it. Even if a password is present, Ares Botnet has the ability to run a simple brute-force tool that checks for the most widely used passwords and login credentials – this has greatly increased Ares Botnet's reach and efficiency.

The Botnet is Being Used to Mine for Cryptocurrency

Every device that the Ares Botnet successfully infects will then be used to initialize additional Web scans and attacks on exposed STB devices. So far, the Ares Botnet has been used for cryptocurrency mining purposes, but its operators could deploy a Distributed-Denial-of-Service (DDoS) module that can be used to take down websites and services easily.

Unfortunately, the influx of smart devices in your homes means that there will be many different infection vectors that cybercriminals can use to gain illicit access to Internet-enabled devices. In the case of the Ares Botnet, users can secure their Android set-top boxes by using a clever password to protect the Android Debug Bridge or disable the service completely. It should be virtually impossible for the average user to spot the Ares Botnet's activity since it would not hinder the set-top box's performance in any way.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ares Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.