Millions of Android devices threatened by botnet malware — what to do

Chinese researchers say millions of Android devices, including smartphones, tablets, TVs and set-top boxes, are threatened by new malware that wants to draft the devices into a giant botnet.

The botnet malware, which the researchers at Qihoo 360's Netlab are calling "Matryosh" because its functions are layered like a Russian matryoshka nesting doll, uses the Android Debug Bridge (ADB) interface to infect devices.

If your device is infected by Matryosh, you may notice it heating up or slowing down when the botnet is active. But overall, you may not notice anything, which is one reason you should install one of the best Android antivirus apps on your device if possible.

ADB, botnet, DDoS — what?

ADB is an Android developer feature used during software development. It should be disabled on consumer devices, but many shoddy Android device makers leave ADB on when devices ship to market. 

Devices that don't have ADB enabled won't be infected by the Matryosh botnet or several other forms of Android malware that use it as access.

A botnet is a collection of internet-connected devices infected by malware that uses them to carry out distributed denial-of-service (DDoS) attacks, send out or relay spam emails, or even combine their computing power to crack passwords, among other uses.

A DDoS attack occurs when thousands or even millions of devices bombard a single web server with so many requests for data that the server can't connect to the outside world and is effectively knocked offline. 

According to Qihoo Netlab, the Matryosh botnet malware is a variation on the Mirai botnet. The Mirai malware infected thousands of Linux-based routers and other smart-home devices in October 2016 to stage a massive DDoS attack that briefly knocked out internet service on the East Coast of the United States. 

Like Mirai, Matryosh doesn't do anything fancy in the long run. It's designed to stage DDoS attacks. But it uses a complicated setup process involving the Tor hidden network to evade detection by network monitors.

How to disable ADB on your Android device

Here's how to make sure ADB is disabled on your Android device, whether it's a mobile device, a TV or a set-top box. This is a very generic set of instructions, so the steps on your device may not be exactly the same.

  1. Find the Settings menu and open it.
  2. Open System and look for an item named Developer Options, Developer Mode or maybe just Developer.
  3. If some sort of developer option is not available, you're probably fine, but skip to the next set of instructions for how to really make certain.
  4. If Developer Options/Mode is in your System settings, tap it and look for USB Debugging or Debugging.
  5. Make sure USB Debugging is toggled off.
  6. Unless you're going to be using Developer Options/Mode, toggle that off as well.

Turning off developer mode

Because Android device menus vary widely, it might be worth turning on Developer Mode/Options anyway, then turning it off, just to make sure ADB is really turned off. Here's how.

  1. Find the Settings menu and open it.
  2. Find "About Phone", "About Device," "About" or something similar and tap on it.
  3. Find "Build Number" and tap or click on it seven times. (On some devices, it's only three times.)
  4. You'll get a message that you're now in Developer Mode.
  5. Follow steps 2, 4, 5 and 6 above to make sure ADB is disabled and Developer Mode is turned off.
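
For anyone checking more than one device, the two toggles from the steps above can also be read as settings values. This is an added example, not part of the original article: it assumes you have saved the `key=value` output of Android's `settings list global` command from a device you administer, the sample data is constructed, and the `adb_wifi_enabled` check (wireless debugging on newer Android versions) goes beyond the menu steps described here.

```shell
#!/bin/sh
# Added example: audit ADB-related toggles in `settings list global` output.
# Reads key=value lines on stdin, prints one finding per line,
# and returns 1 if any debugging toggle is still on.

audit_adb_settings() {
    awk -F= '
        { sub(/\r$/, "") }   # tolerate CRLF line endings in captured output
        # Keys from Android Settings.Global; the value 1 means "on".
        $1 == "adb_enabled"                  { seen_adb = 1; adb = $2 }
        $1 == "development_settings_enabled" { dev = $2 }
        $1 == "adb_wifi_enabled"             { wifi = $2 }
        END {
            bad = 0
            if (adb == "1")  { print "FAIL usb_debugging=on";      bad = 1 }
            if (wifi == "1") { print "FAIL wireless_debugging=on"; bad = 1 }
            if (dev == "1")  { print "WARN developer_options=on";  bad = 1 }
            if (!seen_adb)   { print "INFO adb_enabled key absent" }
            if (!bad)        { print "OK adb and developer options off" }
            exit bad
        }'
}

# Constructed sample: a device shipped with debugging left on.
SAMPLE_SHIPPED_ON='adb_enabled=1
development_settings_enabled=1
airplane_mode_on=0'

# Constructed sample: the same device after following the steps above.
SAMPLE_HARDENED='adb_enabled=0
development_settings_enabled=0
airplane_mode_on=0'

printf '%s\n' "$SAMPLE_SHIPPED_ON" | audit_adb_settings || true
printf '%s\n' "$SAMPLE_HARDENED"   | audit_adb_settings || true
```

A device that reports `FAIL` or `WARN` still needs the toggles switched off in its Developer Options menu.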
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
