
Fast-Spreading Botnet Infects Android Gadgets For Crypto-Mining

A fast-moving botnet using code from the infamous Mirai malware infected thousands of Android devices in the first 24 hours after its activation, researchers have warned.

Botnets, which take over computer systems’ resources for use in illicit tasks such as sending spam or attacking websites, have in recent years increasingly targeted internet-connected gadgets such as routers and security cameras.

Mirai used a network of such devices to help bring down DNS services provider Dyn in October 2016, temporarily disabling access to a number of major websites.

In this case, the ADB Miner botnet appears to focus on using the system resources of Android devices to mine cryptocurrencies.

Rapid spread

Chinese security firm Netlab said it saw a sudden jump in traffic from infected devices via port 5555 beginning on Saturday and growing tenfold over the following eight hours.

The company said the last time it had seen such a rapid increase in scans from a particular port was when the Mirai malware became active in September 2016. The scans indicate devices are infected with malware and are searching for other vulnerable gadgets.

Devices don’t normally leave port 5555 open, but a developer tool called Android Debug Bridge (ADB) exposes it to perform diagnostic tests. ADB Miner appears to spread by searching for gadgets with the port open, and then exploiting an undisclosed security flaw to implant itself on them.

“We think there is a new and active worm targeting Android system’s ADB debug interface spreading,” Netlab’s Hui Wang wrote in an
. “This worm has probably infected more than 5,000 devices in just 24 hours.”

ADB Miner uses some of Mirai’s code to perform the scans, Netlab said, adding it was the first time it had seen Mirai code being used in an Android botnet.
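The port 5555 scanning described above can be watched for on a network you operate. The following is an added example, not code from Netlab or from this article: it flags internal hosts that sweep many addresses on TCP 5555 and lists internal hosts probed on that port from outside. The log format, the 192.168.1.0/24 network, the threshold and every sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

ADB_PORT = 5555                                      # port named in the article
INTERNAL = ipaddress.ip_network("192.168.1.0/24")    # assumed local network

# Hypothetical log format: "<time> TCP <src>:<sport> -> <dst>:<dport> <flags>"
LINE_RE = re.compile(
    r"^\S+ TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$"
)

def build_sample():
    """Constructed log: one device sweeping port 5555, plus unrelated traffic."""
    lines = [
        f"2018-02-03T15:00:{i:02d}Z TCP 192.168.1.23:{40000 + i} -> 203.0.113.{i + 1}:5555 SYN"
        for i in range(12)
    ]
    lines += [
        "2018-02-03T15:01:00Z TCP 192.168.1.40:51000 -> 198.51.100.7:443 SYN",
        "2018-02-03T15:01:05Z TCP 192.168.1.50:51001 -> 192.168.1.60:5555 SYN",
        "2018-02-03T15:01:09Z TCP 198.51.100.99:33000 -> 192.168.1.23:5555 SYN",
        "line that does not match the format",
    ]
    return "\n".join(lines)

def analyse(log_text, min_targets=10):
    """Return (scanners, probed) for port-5555 SYN traffic in log_text."""
    targets = defaultdict(set)   # internal source -> distinct destinations
    probed = set()               # internal hosts contacted from outside
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != ADB_PORT or m["flags"] != "SYN":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue             # malformed address, skip the line
        if src in INTERNAL:
            targets[str(src)].add(str(dst))
        elif dst in INTERNAL:
            probed.add(str(dst))
    # A host reaching many distinct addresses on 5555 looks like a sweep,
    # unlike a developer connecting to a single device.
    scanners = {h: len(t) for h, t in targets.items() if len(t) >= min_targets}
    return scanners, sorted(probed)
```

A host that appears in both results was reachable on port 5555 from outside and is now sweeping that port itself, which matches the spreading pattern the article describes.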

Smartphones and set-top boxes

Netlab said most of the infected devices are Android smartphones and television set-top boxes with the ADB interface open. About 40 percent are located in China, with another 30 percent in South Korea.

The company withheld details about the models affected in order to prevent copycat attackers making use of the information.

Some botnets, including Mirai, search for particular makes of devices that use known login credentials by default. But Netlab said it didn’t think the problem was a vendor-level issue.

ADB Miner appears to be looking to cash in on recent speculation in cryptocurrencies by using Android resources to mine the Monero currency. As of Tuesday morning, however, the mining pool used by the attackers, called Monero Hash Vault, said only about £2 worth of Monero had been produced.

Currency-mining malware can have a destructive effect on low-powered devices, as was the case with the recent Loapi strain, which ran a number of different simultaneous scams on infected Android gadgets, including mining Monero and generating spurious ad traffic.

Researchers found after allowing Loapi to run on a test device for two days the constant workload caused the battery to bulge and deformed the phone’s cover.


Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
