A new botnet has emerged and is aggressively spreading among Android devices, including smartphones, Smart TVs and TV top boxes, via the Android Debug Bridge (ADB), according to the information from Qihoo 360's Network Security Research Lab (NetLab). The number of infected devices has grown to over 7,000 and is increasing rapidly, with malicious software acting like a computer worm that is trying to spread to any uninfected device it can reach.
After the malware gets in, it starts mining Monero and looking for other Android-based devices in the network with an open 5555 port, which is used for debugging purposes and usually closed by default. If it finds one, malware uses the privileges this port gives to covertly install a copy of itself into the victim’s smartphone or TV, where it starts the cycle all over again.
According to NetLab, the ADB.miner (name given by the Lab itself) most of infected devices are situated in China and South Korea. According to its researchers, the new miner has inherited parts of its code from another malware that targeted Linux OSs, which served as a basis for the Android OS.