Android Devices Targeted by New Monero-Mining Botnet

Android botnet rising

A new botnet appeared over the weekend, and it’s targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency.

The botnet came to life on Saturday, February 3, and is targeting port 5555, which on devices running the Android OS is the port used by the operating system’s native Android Debug Bridge (ADB), a debugging interface that grants access to some of the operating system’s most sensitive features.

So far, only devices running the Android OS have been infected, such as smartphones, smart TVs, and TV top boxes, according to security researchers from Qihoo 360’s Network Security Research Lab [Netlab] division, who discovered the botnet and named it ADB.miner.

Botnet appears to have infected around 7,400 devices

The botnet has been extremely aggressive and has grown each day, exhibiting a worm-like behavior, with infected devices scanning the Internet for other victims.

“The number of scan [sources] has doubled every 12 [hours],” said Yiming Gong, Director of the Network Security Research Lab at Qihoo 360. “We will see how big this botnet gets.”

Currently, Netlab has detected ADB.miner scans coming from nearly 7,400 unique IP addresses, based on public data collected by Netlab’s Scanmon system.

ADB.miner scanning activity

Scanning for this port has been so widespread that port 5555 shot to the #4 spot in Netlab’s most scanned ports. Previously, it wasn’t even in the top 10.

Top 10 scanned ports

Most IP addresses scanning for other devices (meaning they are already infected) are located in China (~40%) and South Korea (~30%). Yiming told Bleeping Computer that the botnet has mostly infected “TV-related” devices, rather than smartphones.
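Because a host that sweeps port 5555 is, as noted above, most likely already infected, the same signal can be looked for in local flow or firewall logs. The sketch below is an added example, not code from the article or from Netlab: it flags sources that contact many distinct destinations on TCP 5555 within a short window. The log format, the threshold, the window and every sample record are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADB_PORT = 5555                 # ADB-over-TCP port named in the article
MIN_DISTINCT_DSTS = 5           # assumed threshold, tune per network
WINDOW = timedelta(minutes=10)  # assumed sliding window
# Constructed sample flow records: "time src dst dst_port proto"
SAMPLE_LOG = """\
2018-02-05T10:00:01 192.168.1.50 203.0.113.10 5555 tcp
2018-02-05T10:00:02 192.168.1.50 203.0.113.11 5555 tcp
2018-02-05T10:00:03 192.168.1.50 203.0.113.12 5555 tcp
2018-02-05T10:00:04 192.168.1.50 203.0.113.13 5555 tcp
2018-02-05T10:00:05 192.168.1.50 203.0.113.14 5555 tcp
2018-02-05T10:01:00 192.168.1.20 192.168.1.77 5555 tcp
2018-02-05T10:02:00 192.168.1.20 192.168.1.77 5555 tcp
2018-02-05T10:03:00 192.168.1.30 198.51.100.1 443 tcp
2018-02-05T08:00:00 192.168.1.60 203.0.113.20 5555 tcp
2018-02-05T09:00:00 192.168.1.60 203.0.113.21 5555 tcp
2018-02-05T10:00:00 192.168.1.60 203.0.113.22 5555 tcp
2018-02-05T11:00:00 192.168.1.60 203.0.113.23 5555 tcp
2018-02-05T12:00:00 192.168.1.60 203.0.113.24 5555 tcp
truncated line
"""

def find_adb_scanners(log_text, min_dsts=MIN_DISTINCT_DSTS, window=WINDOW):
    """Map each flagged source to its peak distinct TCP/5555 destinations per window."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, port, proto = line.split()
            when = datetime.fromisoformat(ts)
            if proto.lower() == "tcp" and int(port) == ADB_PORT:
                per_src[src].append((when, dst))
        except ValueError:
            continue  # malformed record: skip rather than abort the run
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1  # drop events older than the window
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= min_dsts:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_adb_scanners(SAMPLE_LOG))
```

Repeated connections to a single ADB target (a developer workstation, for instance) and slow, hours-apart contacts stay below the threshold; widening the window trades fewer misses for more false positives.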

ADB.miner borrows Mirai code

ADB.miner also marks the first time an Android malware strain has borrowed code from Mirai, a strain of Linux-based malware that has previously targeted only networking and IoT devices. Netlab says ADB.miner used some of Mirai’s port scanning code.

Researchers didn’t provide any details regarding the ADB vulnerability attackers are using to take over devices but clarified that they don’t think the bug is specific to any particular vendor. This most likely means the bug affects the core of the Android ADB component itself.

By default, all Android OS instances ship out with the ADB port disabled. The devices taken over by this botnet are devices where vendors or users intervened and enabled port 5555 by hand.

An analysis of the ADB.miner malware source code revealed that crooks are mining Monero using the same Monero wallet address on two different mining pools. At the time of writing, the attackers had not cashed out any of their mined Monero.

Wallet address:
 44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr

No money in botnet wallet
