A New Botnet Targeting to Infect Android Devices with Malware that Mines the Monero Cryptocurrency

Another botnet showed up over the weekend on Saturday,
February 3 focused entirely on Android gadgets precisely being port 5555, which
on gadgets running the Android OS is the port utilized by the operating
system’s native Android Debug Bridge (ADB), a troubleshooting interface which
awards access to a portion of the operating system’s most sensitive features.
The reason why being so that by checking for open
troubleshoot ports it can infect victims with malware that mines the Monero
cryptocurrency.
As per security researchers from Qihoo 360’s Network
Security Research Lab (Netlab) division, the ones who discovered the botnet,
named ADB.miner , just gadgets, for example, cell phones, smart TVs, and
television top boxes, running the Android OS have been tainted as of not long
ago.
“The number of
scan [sources] has doubled every 12 [hours],” said Yiming Gong, Director
of the Network Security Research Lab at Qihoo 360. “We will see how big
this botnet gets.”

The botnet gives off an impression of being aggressive and
continues growing every day, with 
infected devices filtering the Web for other
victims. As of now, the Botnet seems to have infected around 7,400 devices as
detected by Netlab.
Recently scanning for this port 5555, shot to the #4 spot in
Netlab’s most scanned ports as opposed to the previous account, as it wasn’t
even in the top 10.
Most IP addresses to checking for different devices (which
means they are now infected) are situated in China (~40%) and South Korea
(~30%). Yiming informed further that the botnet has generally infected  “television related” devices,
instead of smartphones.
  
Netlab says ADB.miner utilized some of Mirai’s port scanning
code also marks the first time an Android malware strain has obtained code from
Mirai, a strain of Linux-based malware that was previously focused on just
systems administration i.e. Networking and IoT devices.
All the same, the researchers still haven’t given any
insights with respect to the ADB vulnerability 
the attackers are using to take control over devices however cleared up
that they don’t think the bug is particular to a specific seller (vendor). This
in all probability implies that the bug influences the centre of the Android
ADB segment itself.

Leave a Reply

Your email address will not be published.