First discovered this past weekend, a fast-spreading botnet is infecting thousands of Android devices with malware. It turns these devices into cryptocurrency miners, which can potentially damage mobile hardware.
The attack was discovered by Chinese security firm Netlab and has been called “ADB.Miner.” Once a device is infected, it automatically scans networks for other devices that have port 5555 open. This port is normally closed, but Android’s ADB Debugging feature opens it for diagnostics. The botnet has been spreading rapidly due to this worm-like behavior.
While mining on a phone or TV receiver won’t make you rich, infecting thousands of devices can start to add up, and that is what the malware creators are hoping to take advantage of. The malware currently mines Monero, but once a device is infected, it is easy for the attacker to have it run whatever software they choose.
By analyzing the source code for the miner, Netlab is able to view the bot’s connections to its various mining pools. As of publishing, the attackers have collected only a very small amount of XMR and haven’t withdrawn any at all.
Netlab is still keeping many of the details hidden to help deter others from trying to implement a similar attack. They have, however, reported that their botnet tracking system shows 5,500 unique network scans to port 5555 over a 24-hour period. This would indicate that roughly 5,500 new devices have been infected. The last time they saw such heavy scans on a port was with the Mirai botnet.
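From the defender's side, the worm-like scanning described above shows up as a single host contacting many distinct addresses on TCP port 5555 within a short period. The following Python is an added example, not Netlab's tooling or code from the article; the flow-record format, the addresses, and the threshold of five targets are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADB_PORT = 5555  # TCP port the article says ADB debugging opens

def sample_flows():
    """Constructed flow records (not real data): 'ISO-time src dst dport'."""
    t0 = datetime(2018, 2, 5, 10, 0, 0)
    rows = [f"{t0.isoformat()} 10.0.0.23 203.0.113.10 443"]  # unrelated traffic
    for i in range(1, 7):   # one device sweeping six neighbours in seconds
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.23 10.0.0.{100 + i} 5555")
    for i in range(3):      # developer workstation re-using one ADB target
        rows.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 10.0.0.50 10.0.0.77 5555")
    for i in range(5):      # five targets, but 30 hours apart
        rows.append(f"{(t0 + timedelta(hours=30 * i)).isoformat()} 10.0.0.60 10.0.1.{i + 1} 5555")
    return rows

def find_adb_scanners(lines, min_targets=5, window=timedelta(hours=24)):
    """Return {source: most distinct port-5555 destinations seen in any window}
    for sources that reach min_targets (an assumed threshold)."""
    by_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        if int(dport) == ADB_PORT:
            by_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_adb_scanners(sample_flows()))
```

Only the device sweeping many neighbours is flagged; the workstation that repeatedly connects to one ADB target and the host whose connections are spread over several days stay below the threshold.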