Thousands of Android devices are currently affected by ADB.Miner, a piece of malware that infects a device and then uses it to mine the cryptocurrency Monero.
Forming what is known as a botnet, the malware targets Android devices (including TV boxes and possibly phones and smart home electronics), using the debugging system as an entry point through port 5555.
This port is usually closed, but it can be accessed using debugging tools. The ‘ADB’ in the malware’s name refers to the Android Debug Bridge system.
Majority of victims in Far East
The botnet was discovered by Chinese security firm Netlab, which released a blog post claiming:
“Overall, we think there is a new and active worm targeting Android systems’ ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours. Those infected devices are actively trying to spread malicious code.”
Netlab has since released another blog post stating that “the daily active infected IP addresses reached the peak at 7,000, and remained stable for last 24 hours”. The vast majority of affected devices are in the Far East, with China and Korea making up 78% of victims.
In the original blog post, Netlab didn’t explicitly name any affected devices, in an effort not to create further safety concerns for vulnerable devices, but it clarified in the later post that TV boxes were confirmed to be affected, with other devices yet to be confirmed.
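
Because infected devices try to spread through port 5555, a defender can look for that behaviour in connection logs. The following is an added example, not code from Netlab or the original article: it flags hosts that contact many distinct destinations on port 5555 in a short time. The log format, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

ADB_PORT = 5555        # ADB debug port named in the article
MIN_TARGETS = 4        # assumption: distinct destinations that count as a sweep
WINDOW_SECONDS = 60    # assumption: time span in which they must occur

# Constructed connection records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1517700000 10.0.0.23 198.51.100.4 5555
1517700003 10.0.0.23 198.51.100.5 5555
1517700007 10.0.0.23 203.0.113.9 5555
1517700011 10.0.0.23 203.0.113.10 5555
1517700015 10.0.0.23 203.0.113.11 5555
1517700020 10.0.0.23 192.0.2.80 443
1517700030 10.0.0.8 10.0.0.50 5555
1517700090 10.0.0.8 10.0.0.50 5555
1517700100 10.0.0.31 198.51.100.4 5555
1517700900 10.0.0.31 198.51.100.5 5555
1517701700 10.0.0.31 198.51.100.6 5555
1517702500 10.0.0.31 198.51.100.7 5555
truncated record
"""

def parse_record(line):
    """Return (ts, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
        return None
    return int(parts[0]), parts[1], parts[2], int(parts[3])

def find_adb_sweepers(log_text, min_targets=MIN_TARGETS, window=WINDOW_SECONDS):
    """Map each source to its peak count of distinct port-5555 destinations
    inside any `window`-second span, keeping sources at or above min_targets."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec[3] == ADB_PORT:
            by_src[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, len({dst for _, dst in hits[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged
```

On the sample records, only 10.0.0.23 is flagged: 10.0.0.8 talks repeatedly to a single device, and 10.0.0.31 reaches four hosts but far too slowly for the default window.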