Fast-Spreading Botnet Infects Android Gadgets For Crypto-Mining

A fast-moving botnet using code from the infamous Mirai malware infected thousands of Android devices in the first 24 hours after its activation, researchers have warned.

Botnets, which take over computer systems’ resources for use in illicit tasks such as sending spam or attacking websites, have in recent years increasingly targeted internet-connected gadgets such as routers and security cameras.

Mirai used a network of such devices to help bring down DNS services provider Dyn in October 2016, temporarily disabling access to a number of major websites.

In this case, the ADB Miner botnet appears to focus on using the system resources of Android devices to mine cryptocurrencies.

Rapid spread

Chinese security firm Netlab said it saw a sudden jump in traffic from infected devices via port 5555 beginning on Saturday and growing tenfold over the following eight hours.

The company said the last time it had seen such a rapid increase in scans from a particular port was when the Mirai malware became active in September 2016. The scans indicate devices are infected with malware and are searching for other vulnerable gadgets.

Devices don’t normally leave port 5555 open, but a developer tool called Android Debug Bridge (ADB) exposes it to perform diagnostic tests. ADB Miner appears to spread by searching for gadgets with the port open, and then exploiting an undisclosed security flaw to implant itself on them.

“We think there is a new and active worm targeting Android system’s ADB debug interface spreading,” Netlab’s Hui Wang wrote in an advisory. “This worm has probably infected more than 5,000 devices in just 24 hours.”

ADB Miner uses some of Mirai’s code to perform the scans, Netlab said, adding it was the first time it had seen Mirai code being used in an Android botnet.
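Defenders can look for the same signal inside their own network: a single host opening connections to many distinct addresses on TCP port 5555. The sketch below is an added example, not code from Netlab or from this article; the flow-record format, the threshold and the sample records are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

ADB_PORT = 5555        # TCP port named in the article
FANOUT_THRESHOLD = 5   # assumed cut-off: distinct targets per hour that counts as scanning

# Constructed flow records "timestamp,source,destination,dest_port"; not real data.
SAMPLE_FLOWS = "\n".join(
    # 10.0.0.21 probes eight different addresses on 5555 within one hour.
    [f"2024-01-06T15:{m:02d}:00,10.0.0.21,198.51.100.{m},5555" for m in range(1, 9)]
    # 10.0.0.7 talks to a single device on 5555 repeatedly (e.g. a developer using ADB).
    + [f"2024-01-06T15:{m:02d}:30,10.0.0.7,192.0.2.50,5555" for m in range(1, 4)]
    # 10.0.0.9 contacts many hosts, but on 443, so it is out of scope here.
    + [f"2024-01-06T15:{m:02d}:45,10.0.0.9,203.0.113.{m},443" for m in range(1, 9)]
    + ["not-a-timestamp,10.0.0.5,198.51.100.9,5555", "truncated,row"]
)


def parse_flows(text):
    """Yield (hour, src, dst, dport) per record, skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue
        try:
            hour = datetime.fromisoformat(row[0]).replace(minute=0, second=0, microsecond=0)
            dport = int(row[3])
        except ValueError:
            continue
        yield hour, row[1], row[2], dport


def find_adb_scanners(text, threshold=FANOUT_THRESHOLD):
    """Return {(hour, src): n} for sources that reached n >= threshold distinct targets on 5555."""
    targets = defaultdict(set)
    for hour, src, dst, dport in parse_flows(text):
        if dport == ADB_PORT:
            targets[(hour, src)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for (hour, src), count in sorted(find_adb_scanners(SAMPLE_FLOWS).items()):
        print(f"{hour:%Y-%m-%d %H}:00  {src} contacted {count} distinct hosts on tcp/{ADB_PORT}")
```

Counting distinct destinations rather than raw connections keeps a developer's repeated ADB session to one device from being flagged.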

Smartphones and set-top boxes

Netlab said most of the infected devices are Android smartphones and television set-top boxes with the ADB interface open. About 40 percent are located in China, with another 30 percent in South Korea.

The company withheld details about the models affected in order to prevent copycat attackers making use of the information.

Some botnets, including Mirai, search for particular makes of devices that use known login credentials by default. But Netlab said it didn’t think the problem was a vendor-level issue.

ADB Miner appears to be looking to cash in on recent speculation in cryptocurrencies by using Android resources to mine the Monero currency. As of Tuesday morning, however, the mining pool used by the attackers, called Monero Hash Vault, said only about £2 worth of Monero had been produced.

Currency-mining malware can have a destructive effect on low-powered devices, as was the case with the recent Loapi strain, which ran a number of different simultaneous scams on infected Android gadgets, including mining Monero and generating spurious ad traffic.

Researchers found that after allowing Loapi to run on a test device for two days, the constant workload caused the battery to bulge and deformed the phone’s cover.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
