Researchers discovered a new Monero crypto-mining botnet, dubbed ADB.Miner, that has already infected 5000 Android devices in 24 hours.
According to researchers at Qihoo 360 Netlab, the botnet has worm-like features: once a device is infected, the malicious code looks for an open port 5555 on other Android devices.
Port 5555 is usually closed, but a command-line tool called Android Debug Bridge (ADB) opens it to perform diagnostic tests and install apps.
The botnet targets devices that run Android OS, such as smartphones, smart TVs and TV set-top boxes.
“Overall, we think there is a new and active worm targeting Android systems’ ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours. Those infected devices are actively trying to spread malicious code.”
Hui Wang, a researcher at 360 Netlab, said that the malware borrows some port scanning code from the Mirai botnet, which is the first time we see Mirai botnet code being used to target Android devices.
According to data collected by Netlab's Scanmon system, ADB.Miner scans are coming from nearly 7,400 unique IP addresses.
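The scanning behaviour described above, an infected device probing many other hosts on TCP port 5555, can be looked for in a network's own flow logs. The following is an added example, not code from 360 Netlab or the original article; the log format, addresses, time window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADB_PORT = 5555                  # ADB-over-TCP port named in the article
WINDOW = timedelta(minutes=5)    # assumed detection window, tune per network
MIN_DISTINCT_DESTS = 4           # assumed threshold, tune per network

# Constructed sample flow log: "timestamp src dst dport proto tcp_flags"
SAMPLE_FLOWS = """\
2018-02-03T15:00:01 10.0.0.23 198.51.100.7 5555 tcp S
2018-02-03T15:00:02 10.0.0.23 198.51.100.8 5555 tcp S
2018-02-03T15:00:03 10.0.0.23 198.51.100.9 5555 tcp S
2018-02-03T15:00:04 10.0.0.23 203.0.113.10 5555 tcp S
2018-02-03T15:00:05 10.0.0.23 203.0.113.11 5555 tcp S
2018-02-03T15:01:00 10.0.0.50 10.0.0.60 5555 tcp S
2018-02-03T15:02:00 10.0.0.50 10.0.0.60 5555 tcp S
2018-02-03T15:00:00 10.0.0.77 192.0.2.1 5555 tcp S
2018-02-03T15:10:00 10.0.0.77 192.0.2.2 5555 tcp S
2018-02-03T15:20:00 10.0.0.77 192.0.2.3 5555 tcp S
2018-02-03T15:30:00 10.0.0.77 192.0.2.4 5555 tcp S
2018-02-03T15:00:06 10.0.0.23 192.0.2.9 443 tcp S
truncated line
"""

def find_adb_scanners(text, window=WINDOW, min_dests=MIN_DISTINCT_DESTS):
    """Return {src_ip: peak distinct 5555 destinations inside one window}."""
    per_src = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, dst, dport, proto, flags = parts
        try:
            when, port = datetime.fromisoformat(ts), int(dport)
        except ValueError:
            continue
        if proto == "tcp" and port == ADB_PORT and flags == "S":
            per_src[src].append((when, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):  # sliding time window over SYNs
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= min_dests:
            flagged[src] = best
    return flagged
```

Counting distinct destinations rather than raw connections keeps a workstation that repeatedly debugs one device over ADB from being flagged.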
As of now, ADB.Miner targets Android devices located in China and South Korea, and only devices running Android OS, such as smartphones, smart TVs and TV set-top boxes.
“The earliest time of the infection can be traced back to January 31. And the current worm-like infection was detected by our system from around 2018-02-03 15:00,” 360 Netlab said in its published blog post.
The researchers did not publish more details about how the botnet works or which models are infected, but said that they don’t think it is a vendor-level issue.
The attackers are using the same Monero wallet address on two different mining pools to mine Monero, and so far zero coins have been paid.
Wallet Address: 44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr
Earlier this week, Proofpoint researchers discovered a new Monero mining botnet named Smominru, which infected more than 5000000 computers and generated around $3.6 million.