Android devices threatened by new crypto-mining botnet

World
Europe

While many of us are still thinking about the WannaCry ransomware which terrorized the Internet in the middle of 2017, a new threat has just emerged and managed to infect thousands of Android users worldwide.

First spotted by researchers from Chinese cybersecurity giant 360 Netlab, the malware, dubbed ADB.Miner, is intended to mine for the cryptocurrency Monero (XMR), and has been targeting Android devices including TV boxes and possibly smart phone or home electronics that are Android-based since at least Jan. 31.

It possesses similar capabilities to worms, which can self-replicate over Android devices by utilizing the opened ADB debugging interface as an entry point before spreading rapidly through port 5555. The botnet is able to double its numbers approximately every 12 hours.

Regions of infected devices, with darker color indicating more devices infected. /Netlab Photo

Under most conditions port 5555 is kept closed, but the ADB debug tool, which is used to conduct diagnostic tests, sometimes opens this port by accident, providing opportunities for hackers to embed the malicious code and mine Monero coins via the stolen data.

The good news is that, according to the press release, the infected population has stabilized; the daily active infected IP addresses peaked at 7,000, and has remained stable since 3 p.m., Feb. 5, 2018. The crypto-mining worm has yet to receive a single payment in its wallet.

The majority of victims are from China (39%) and South Korea (39%).

Since the rise of cryptocurrency, hackers have turned their eyes to using crypto-mining worms. Besides smart phones, TV sets and routers can also easily fall victim to crypto-mining.

(CGTN's Xie Zhenqi also contributed to the story.)