A fresh threat to Android devices has managed to infect thousands of devices in days, researchers warn.
In a blog post published Sunday, cybersecurity researcher Wang Hui from 360Netlab said a strain of cryptocurrency mining malware called ADB.Miner has begun spreading rapidly.
The malware has similar capabilities to worms and uses theADB debug interface, on port 5555, to spread.
It is usually the case that port 5555 is kept closed; however, the ADB debug tool used to conduct diagnostic tests sometimes may open this port — potentially by accident.
Once a device is infected, it will continue to scan the 5555 port to propagate further and find other devices with the same port open, such as Android-based smartphones, tablets, or television sets.
According to the Chinese security firm, smartphones and smart TV set-top boxes are among most of the devices currently infected, but the company has not disclosed which models or vendors.
While the earliest time of infection has been traced back to 31 January, in only 24 hours, the researchers estimate ADB.Miner has been able to spread to upwards of 5,000 devices, mainly in China and South Korea.
“Overall, we believe malicious code based on the Android system ADB debug interface is now actively spreading in worms and infected over 5,000 devices in 24 hours,” the team says. “Affected devices are actively trying to deliver malicious code.”
While 360Netlab has chosen to be scant on the details of infection — potentially to stop copycats — the team did say that the miner has Mirai code within its scanning module.
Mirai is a botnet which enslaved millions of vulnerable Internet of Things (IoT) devices for the purposes of conducting distributed denial-of-service (DDoS) attacks.
To read the original article: