ADB.Miner - a new Monero mining botnet affecting thousands of mobile and IoT devices, and is extremely dangerous.

---

Dubbed ADB.Miner by 360 Netlab is a new type of malware recently discovered to be infecting Android devices through a port linked with a debugging tool for the OS, according to researchers at Qihoo 360 Netlab.

This malware incorporates advanced port scanning module of notorious malware Mirai, gaining access to Android devices, mostly smartphones, and TV boxes. It exploits a vulnerability in Android Debug Bridge, a command-line tool that is used for debugging, installing apps and other purposes.

It is predominantly affecting devices in China and South Korea, but 360 Netlab is not identifying any of them at this time. “Overall, we think there is a new and active worm targeting android system’s adb debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours,” Wang wrote. In fact, 5555 port scanning traffic has hit the top 10, according to 360 Netlab’s own scanning data.

ADB communicates with devices via USB, but it is also possible for it to use WiFi, according to Android documentation. The botnet propagates itself in “worm”-like fashion, looking for open 5555 ports on other devices, most of which are Android-based, 360 Netlab researcher Hui Wang said in a blog post.

The botnet is distributing malicious code that is mining Monero coins, but as of yet none have been paid out, according to Wang.

The operators of the botnet are using the following Monero wallet address:

44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr

Here are a few tips to ensure your Android-devices are protected from crypto-mining malware:

• Download your apps from a legitimate source. While some malicious apps may slip through the cracks, app stores like Google Play do have security measures in place to protect users, and it’s much safer than downloading from an unknown source.
• Delete any apps that you haven’t used over the past 6-months. An app’s security can change over time; applications that were once supported by an app store can be flagged as malicious and removed from the platform without notification. If an app is no longer supported in the app store, you should delete it immediately.
• Keep all of your software up to date. Many of the more harmful malware attacks we’ve seen, like the Equifax data breach, take advantage of software vulnerabilities in common applications, such as operating systems and browsers. Having the latest software and application versions ensures that any known bugs or exploits are patched, and is one of the best defenses against viruses and malware.
• Double up on your mobile security software. I can’t stress enough how important is to use comprehensive security software to protect your personal devices.

---

Source