While many folks appear to be ditching cryptocurrency as its value declines, it appears as if cybercriminals are just starting to dream up new ways of “earning” digital currency.
Yesterday we learned about Smominru – malware that uses a target’s PC to mine Monero and then employs EternalBlue to spread itself to more victims.
While that malware was limited to PCs, Chinese security firm Netlab has discovered malware that forces Android gadgets to mine crypto.
The malware is named ADB.Miner for its use of the Android Debug Bridge’s (ADB) port 5555 to infect a device.
Netlab says that the malware was able to infect more than 5 000 devices in just 24 hours, and while many of the devices are smartphones, set-top boxes that use the Android OS were also found to be infected.
The spread of ADB.Miner appears to have begun at the weekend and progressively got worse.
“The current 5555 port scan traffic has gone up to the top ten of all ports on our scanmon system. The last time we saw a new port suddenly jump to the top 10 list was the Mirai botnet, which goes back to September 2016,” says Hui Wang at Netlab.
Mirai, as you might recall, corralled routers and security cameras into a massive botnet that could execute huge distributed denial of service attacks.
Right now ADB.Miner is mining cryptocurrency (specifically Monero) and Ars Technica reports that attackers had made around $3 as of Monday.
Are you at risk?
The good news is that port 5555 is closed by default. However, if you are a developer who has had to use ADB to perform diagnostic tests, there’s a chance that the device that was tested is vulnerable to this attack.
Netlab was short on details, such as which devices are being targeted.
For now then it’s probably best to close port 5555 if you opened it.
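As an added example (not from Netlab or the original article), this script checks USB-attached devices you own for the ADB network listener and can switch them back to USB-only mode. It assumes the Android platform-tools `adb` client is installed; the function names and the `FIX` variable are illustrative.

```shell
#!/bin/sh
# Added example: audit USB-attached Android devices for ADB over TCP.
# Assumes the platform-tools `adb` client; function names and the FIX
# variable are illustrative.

# adbd reads service.adb.tcp.port first and falls back to
# persist.adb.tcp.port only when the first is empty.
effective_port() {
    if [ -n "$1" ]; then printf '%s\n' "$1"; else printf '%s\n' "$2"; fi
}

# adbd opens a network listener only for a positive port number.
adb_tcp_state() {
    case "$1" in
        ''|-1)    echo off ;;
        *[!0-9]*) echo unknown ;;
        *)        if [ "$1" -gt 0 ]; then echo "listening:$1"; else echo off; fi ;;
    esac
}

getprop_clean() {   # $1 = serial, $2 = property name
    adb -s "$1" shell getprop "$2" </dev/null | tr -d '\r\n'
}

audit_device() {
    svc=$(getprop_clean "$1" service.adb.tcp.port)
    per=$(getprop_clean "$1" persist.adb.tcp.port)
    state=$(adb_tcp_state "$(effective_port "$svc" "$per")")
    echo "$1: adb over TCP is $state"
    case "$(adb_tcp_state "$per")" in
        listening:*) echo "$1: persist.adb.tcp.port=$per, listener returns after reboot" ;;
    esac
    case "$state" in
        listening:*)
            if [ "${FIX:-0}" = 1 ]; then
                adb -s "$1" usb </dev/null    # restart adbd in USB-only mode
            else
                echo "$1: rerun with FIX=1 to switch back to USB-only mode"
            fi ;;
    esac
}

# Audit every device in the "device" state (authorised and online).
if command -v adb >/dev/null 2>&1; then
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
        while read -r serial; do audit_device "$serial"; done
fi
```

A value left in `persist.adb.tcp.port` survives `adb usb`, so a device that reports it needs that property cleared as well before it is put back on a network.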