UPDATED 22:29 EST / FEBRUARY 05 2018

Rapidly spreading cryptomining botnet targets Android phones and smart TVs

A new botnet that targets Android devices to mine for cryptocurrency is spreading rapidly in the wild, just days after more than a half-million Windows personal computers were reported hijacked by the Smominru botnet for similar purposes.

The new botnet, dubbed ADB.Miner by security researchers at Qihoo 360 Netlab, uses a wormlike process to spread itself across Android devices, including phones, smart TVs and TV set-top boxes. The script behind the botnet targets port 5555, which is used by a developer tool known as Android Debug Bridge, a debugging interface that grants access to some of the operating system’s most sensitive features.

Once inside a device, ADB.Miner installs an app that causes the device to mine for the Monero cryptocurrency while also attempting to propagate itself by scanning for other Android devices connected to the same network. As of Sunday, the security researchers said, they had detected 7,400 unique IP addresses using the code to mine for Monero. That’s up by more than 5,000 in just 24 hours, meaning the botnet could potentially be far larger by now.

The new botnet is believed to mark the first time Android devices have been targeted with code based on Mirai, a strain of malware previously used to create “internet of things” botnets. The first case of Mirai being used to mine for cryptocurrencies was spotted last year when IBM Corp.’s X-Force threat intelligence group discovered a Mirai variant mining bitcoin via IoT devices running BusyBox software.

As SiliconANGLE reported recently, cryptomining is the hottest thing in cybercrime right now, with many victims unaware they’ve been affected. Perhaps indicating just how quickly the cryptomining hacking marketplace is evolving, Alex Vaystikh, chief technology officer at SecBI Ltd., told SiliconANGLE that cryptomining software is delivered in two basic forms: by conventional malware spread through email attachments and by a user clicking on a malicious link.

Three days later, it’s clear the situation is even worse, since ADB.Miner spreads itself without any user interaction at all.

Photo: 143601516@N03/Flickr
