Botnet Targets Android Devices to Mine Cryptocurrency

A security researcher with Netlab 360 discovered a new cryptocurrency-mining malware actively targeting Android devices. This malware borrows scanning code from Mirai and is designed to infect devices and join them together in a botnet, dubbed ADB.miner, for the purpose of mining Monero cryptocurrency. It scans for vulnerable Android devices including smartphones, smart TVs, and tablets that have port 5555 exposed. This port is used by Android Debug Bridge (ADB), an interface designed to enable specific user interactions with the device, such as installing and debugging applications. ADB.miner self-replicates and converts compromised devices into scanners to locate additional victims. To date, approximately 5,000 devices have been impacted, with the majority of victims located in China and South Korea. The NJCCIC recommends users and administrators of Android devices disable port 5555 (ADB) as soon as possible and carefully monitor devices for any sudden changes in performance such as unexplained high CPU usage.