Cyber: Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks (2026)
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.

Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted server at the IP address "176.65.139[.]44" that could be browsed without any authentication.

The malware supports "21 flood variants across TCP, UDP, and raw protocols, including RakNet and OpenVPN-shaped UDP, capable of bypassing consumer-grade DDoS protection," Hunt.io said, adding that it's offered as a DDoS-for-hire service designed for targeting game servers and Minecraft hosts.

What makes xlabs_v1 notable is that it seeks out Android devices running an exposed ADB service on TCP port 5555, meaning any gear that ships with the tool enabled by default, such as Android TV boxes, set-top boxes, and smart TVs, could be a potential target. Besides an Android APK ("boot.apk"), the malware supports multi-architecture builds covering ARM, MIPS, x86-64, and ARC, indicating it's also designed to target residential routers and internet-of-things (IoT) hardware.

The result is a purpose-built botnet engineered to receive an attack command from the operator's panel ("xlabslover[.]lol") and generate a flood of junk traffic on demand, specifically directing the DDoS attack against game servers.

"The bot is statically-linked ARMv7, runs on stripped Android firmwares, and is delivered through ADB-shell pastes into /data/local/tmp," Hunt.io explained. "The operator's nine-variant payload list is tuned for Android TV boxes, set-top boxes, smart TVs, and IoT-grade ARM hardware that ships with ADB enabled."

There is evidence indicating that the DDoS-for-hire service features bandwidth-tiered pricing. This assessment is based on the presence of a bandwidth-profiling routine that collects victim bandwidth and g
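As an added illustration for defenders (not code from Hunt.io's report or from the article), the following Python speaks the first step of the ADB wire protocol to check whether a host in your own device inventory answers on TCP 5555 without demanding RSA key authentication, which is exactly the exposure xlabs_v1 relies on. The ADB message layout and command constants are the documented protocol; the host list and the sample device reply are constructed for the example.

```python
import socket
import struct

ADB_PORT = 5555
A_CNXN = 0x4E584E43            # b"CNXN" as a little-endian uint32
A_AUTH = 0x48545541            # b"AUTH": device wants key-based authentication
A_VERSION = 0x01000000
A_MAXDATA = 4096
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic

def build_cnxn(identity: bytes = b"host::\x00") -> bytes:
    """Encode the client CNXN message: 24-byte header followed by the identity string."""
    return HEADER.pack(A_CNXN, A_VERSION, A_MAXDATA, len(identity),
                       sum(identity) & 0xFFFFFFFF, A_CNXN ^ 0xFFFFFFFF) + identity

def classify_reply(reply: bytes) -> dict:
    """Interpret the first message a host sends back after our CNXN."""
    if len(reply) < HEADER.size:
        return {"adb": False, "reason": "short or non-ADB reply"}
    cmd, _arg0, _arg1, dlen, _dcheck, magic = HEADER.unpack_from(reply)
    if magic != cmd ^ 0xFFFFFFFF:
        return {"adb": False, "reason": "bad magic, not ADB"}
    payload = reply[HEADER.size:HEADER.size + dlen].rstrip(b"\x00")
    if cmd == A_CNXN:
        # Handshake completed with no AUTH challenge: the device hands a shell to anyone who can reach it.
        return {"adb": True, "auth_required": False, "identity": payload.decode(errors="replace")}
    if cmd == A_AUTH:
        return {"adb": True, "auth_required": True, "identity": ""}
    return {"adb": False, "reason": f"unexpected command 0x{cmd:08x}"}

def probe(host: str, port: int = ADB_PORT, timeout: float = 3.0) -> dict:
    """Connect to host:port, send CNXN and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_cnxn())
            return classify_reply(s.recv(4096))
    except OSError as exc:
        return {"adb": False, "reason": str(exc)}

# Constructed reply of an unauthenticated Android box, so the parser can be exercised offline.
SAMPLE_IDENTITY = b"device::ro.product.name=example_tvbox;ro.product.model=EXAMPLE;\x00"
SAMPLE_OPEN_REPLY = HEADER.pack(A_CNXN, A_VERSION, A_MAXDATA, len(SAMPLE_IDENTITY),
                                sum(SAMPLE_IDENTITY) & 0xFFFFFFFF, A_CNXN ^ 0xFFFFFFFF) + SAMPLE_IDENTITY

if __name__ == "__main__":
    print("offline sample:", classify_reply(SAMPLE_OPEN_REPLY))
    for host in ("192.0.2.10", "192.0.2.11"):   # placeholder inventory addresses
        print(host, probe(host))
```

A host reported with `auth_required: False` should be treated as compromised-in-waiting: disable ADB over TCP (`adb usb` or the vendor's developer-options toggle) and block inbound 5555 at the network edge.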
Source: The Hacker News