We discovered the server was online for less than 24 hours, and that all of the files were uploaded on that same day. We decided to observe this and other servers and conduct a tracking investigation with the intention to collect all of the information we could about the botnet infrastructure.
Revelation Online Chinese Server
The server was online for one more day before it went offline. This behavior suggests that the actors behind this botnet may have migrated to a different CNC server, that they were performing some internal management, or that it was merely part of the way they operate, since we have seen this same behavior while tracking their other servers.
Between his revelations and the door he has opened for others to follow suit, Zenz has become one of the main targets of Chinese propaganda. Searching his name online, you can find articles criticising him by pro-Beijing publications all over social media and within the first Google search results.
Following the revelations, many online stores reacted by refusing to sell phone models known to be vulnerable. With pressure from smartphone manufacturers and even the DHS, Adups eventually shipped out a version of the FOTA component without the backdoor and data collection code. Even so, in a presentation at the Black Hat 2017 security conference held in Las Vegas in August, Kryptowire researchers said that some devices were still sending data to the Adups servers.