ADB.miner is a botnet mainly comprised of Android smartphones, smart TVs, and tablets. ADB.miner spreads by infecting devices with exposed Android Debug Bridge (ADB) interfaces via port 5555. First detected in January 2018, ADB.miner is the first Android botnet to utilize port-scanning code borrowed from Mirai. This botnet delivers a Monero cryptocurrency miner and exhibits worm-like behavior as it self-replicates and converts compromised devices into scanners to locate additional victims. Approximately 5,000 devices have been impacted by this botnet at the time of writing, with the majority of victims located in China and South Korea.
Reporting and Technical Details:
- February 2018: Android Devices Targeted by New Monero-Mining Botnet (Bleeping Computer)
- February 2018: Early Warning: ADB.Miner A Mining Botnet Utilizing Android ADB Is Now Rapidly Spreading; ABD.Miner: More Information (360 Netlab Blog)
Image Source: Bleeping Computer