New xlabs_v1 botnet exploits ADB on port 5555 to recruit IoT for DDoS attacks

Colleagues, please note a new cybersecurity threat.
Hunt.io has identified a Mirai-like botnet, xlabs_v1, targeting devices with open Android Debug Bridge (TCP/5555) to recruit Android TV, set-top boxes, smart TVs and routers.
- Offers 21 flood types (TCP, UDP, RakNet, OpenVPN-like) and is sold as DDoS-for-hire, targeting game servers.
- Uses bandwidth profiles for device billing; lacks persistence—re-infection required.
- Includes a "killer" module to evict competitors and consolidate traffic.
Why it matters: consumer IoT and small game hosts are at elevated risk.
Remediation: close ADB (port 5555), update devices, apply network filters and DDoS protection.
How do you protect game and IoT hosts in your infrastructure?
#cybersecurity #IoT #DDoS #infosec


Latest comments
No comments yet.