New, from our ERT: #CECbot, an Android TV botnet and the first malware we're aware of that exploits HDMI-CEC.

It puts the TV to sleep so you don't notice the box behind it is running DDoS and residential proxy traffic. Curve25519/ChaCha20 crypto, 9 persistence layers, and... LAN mapping.

Successor to a Mirai fork, shares not much but the C2 server.

https://github.com/deepfield/public-research/blob/main/cecbot/report.md

#threatintel #DDoS