
Fast-Spreading Botnet Infects Android Gadgets For Crypto-Mining

A fast-moving botnet using code from the infamous Mirai malware infected thousands of Android devices in the first 24 hours after its activation, researchers have warned.

Botnets, which take over computer systems’ resources for use in illicit tasks such as sending spam or attacking websites, have in recent years increasingly targeted internet-connected gadgets such as routers and security cameras.

Mirai used a network of such devices to help bring down DNS services provider Dyn in October 2016, temporarily disabling access to a number of major websites.

In this case, the ADB Miner botnet appears to focus on using the system resources of Android devices to mine cryptocurrencies.

Rapid spread

Chinese security firm Netlab said it saw a sudden jump in traffic from infected devices via port 5555 beginning on Saturday and growing tenfold over the following eight hours.

The last time the company said it had seen such a rapid increase in scans from a particular port was when the Mirai malware became active in September 2016. The scans indicate devices are infected with malware and are searching for other vulnerable gadgets.

Devices don’t normally leave port 5555 open, but a developer tool called Android Debug Bridge (ADB) exposes it to perform diagnostic tests. ADB Miner appears to spread by searching for gadgets with the port open, and then exploiting an undisclosed security flaw to implant itself on them.

“We think there is a new and active worm targeting Android system’s ADB debug interface spreading,” Netlab’s Hui Wang wrote in an advisory. “This worm has probably infected more than 5,000 devices in just 24 hours.”

ADB Miner uses some of Mirai’s code to perform the scans, Netlab said, adding it was the first time it had seen Mirai code being used in an Android botnet.
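
The scanning behaviour Netlab describes, infected devices probing many other addresses on port 5555, can be looked for in a network's own flow logs. The following Python is an added example, not code from Netlab or the article; it flags hosts that send connection attempts to port 5555 on several distinct addresses within a short window. The log format, window length and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADB_PORT = 5555                 # TCP port the article says infected devices scan
WINDOW = timedelta(minutes=5)   # assumption: sliding window length
MIN_TARGETS = 3                 # assumption: threshold, kept low for the small sample
# Constructed flow records: timestamp, source, destination, dest port, TCP flags
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.23 198.51.100.10 5555 S
2024-01-01T10:00:02 10.0.0.23 198.51.100.11 5555 S
2024-01-01T10:00:02 10.0.0.23 203.0.113.7 5555 S
2024-01-01T10:00:04 10.0.0.23 203.0.113.8 5555 S
2024-01-01T10:01:00 10.0.0.8 10.0.0.40 5555 S
2024-01-01T10:02:00 10.0.0.51 198.51.100.10 443 S
2024-01-01T10:02:01 10.0.0.51 198.51.100.11 443 S
2024-01-01T10:02:02 10.0.0.51 203.0.113.7 443 S
2024-01-01T08:00:00 10.0.0.77 198.51.100.20 5555 S
2024-01-01T11:00:00 10.0.0.77 198.51.100.21 5555 S
2024-01-01T14:00:00 10.0.0.77 198.51.100.22 5555 S
truncated-record 10.0.0.23
"""

def parse_flows(text):
    """Yield (time, src, dst, dport, flags) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, dst, dport, flags = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport), flags
        except ValueError:   # wrong field count, bad timestamp or bad port
            continue

def find_adb_scanners(flows, window=WINDOW, min_targets=MIN_TARGETS):
    """Return {source: peak distinct port-5555 SYN targets in one window} at or above min_targets."""
    per_src = defaultdict(list)
    for ts, src, dst, dport, flags in flows:
        if dport == ADB_PORT and flags == "S":   # bare SYN: a connection attempt
            per_src[src].append((ts, dst))
    suspects = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # drop events older than the window
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= min_targets:
            suspects[src] = peak
    return suspects
```

On the sample, only 10.0.0.23 is flagged: a single ADB session to one device, fan-out on port 443, and port-5555 attempts spaced hours apart all stay under the threshold.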

Smartphones and set-top boxes

Netlab said most of the infected devices are Android smartphones and television set-top boxes with the ADB interface open. About 40 percent are located in China, with another 30 percent in South Korea.

The company withheld details about the models affected in order to prevent copycat attackers making use of the information.

Some botnets, including Mirai, search for particular makes of devices that use known login credentials by default. But Netlab said it didn’t think the problem was a vendor-level issue.

ADB Miner appears to be looking to cash in on recent speculation in cryptocurrencies by using Android resources to mine the Monero currency. As of Tuesday morning, however, the mining pool used by the attackers, called Monero Hash Vault, said only about £2 worth of Monero had been produced.

Currency-mining malware can have a destructive effect on low-powered devices, as was the case with the recent Loapi strain, which ran a number of different simultaneous scams on infected Android gadgets, including mining Monero and generating spurious ad traffic.

Researchers found that after Loapi was allowed to run on a test device for two days, the constant workload caused the battery to bulge and deformed the phone’s cover.


Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
