Researchers from the Chinese company in the field of cybersecurity 360Netlab have discovered new malware for the cryptocurrency based on Android.
This became known after the publication of the company’s blog.
As informs 360Netlab, ADB.Miner worm can work on any Android device, including smartphones, tablets, and set-top boxes. After hitting the device, the worm first tries to penetrate other available devices and then starts Monero (XMR) mining. All funds are sent to the same address.
According to the 360Netlab report, the ADB.Miner crypto-active worm began to be actively spreading since February 5, and at the moment about 7000 Android devices are infected, mainly in China (39%) and South Korea (39%). The researchers emphasize that, at the very beginning, the ADB.Miner propagation rate was very high, and the number of infected devices doubled every 12 hours. At the moment this amount has stabilized and is about 7000 devices.
The malicious program is distributed using the public Android Debug Bridge (ADB) through an open port 5555, which is normally closed. At the current stage of the study, security experts say that they “have no idea how, when, and why this port was opened.”
Monero is very popular among the creators of malware for mining because it is an anonymous cryptocurrency. Recently we reported that the attackers managed to build a mining script into advertisements on one of the most popular sites in the world – youtube.com.