The cryptocurrency market is seeing huge price fluctuations. Take Bitcoin: the price of a single Bitcoin is a lot higher than in previous years. Bitcoin is currently seeing a downfall, and experts say that the price of other cryptocurrencies is going to be higher. That is leading hackers to mine as much cryptocurrency as possible. To that end, hackers have released infected Android apps that mine cryptocurrencies, especially Monero, on your Android device.
Kaspersky researchers spotted several fake antivirus and porn apps for Android that are infected with malware. Those apps are used to mine Monero, launch DDoS attacks and perform other malicious tasks. All of this activity caused the infected phones to drain the battery a lot faster and, eventually, to bulge out of the cover.
Security researchers at the Chinese IT security firm Qihoo 360 Netlab identified another piece of malware. This wormable malware scans a wide range of IP addresses to find more vulnerable devices to infect. The malware uses the infected devices to mine Monero. It is named “ADB.Miner”.
The researchers said that “ADB.Miner” is the first Android worm of its kind to use the scanning code from Mirai, the infamous IoT botnet malware. Mirai knocked major IoT companies offline last year by performing massive DDoS attacks against DynDNS.
How the malware works
ADB (Android Debug Bridge) is a command-line toolkit that developers use to debug Android code on the emulator, and it grants access to some of the most sensitive features of the operating system. Almost all Android devices ship with the ADB port disabled. So, how does the malware work?
“ADB.Miner” searches for Android devices (smartphones, smart TVs, TV set-top boxes) that are publicly accessible via the ADB debug interface. A device must have that interface reachable on port 5555 to be infected. “ADB.Miner” installs a malware app that mines Monero cryptocurrency for its operator. In other words, the malware only works on devices that have been manually configured to enable port 5555.
Additionally, “ADB.Miner” tries to propagate itself from newly infected devices to other devices.
Researchers aren’t completely sure how this malware is infecting Android devices. One thing is for sure: this isn’t happening by exploiting any type of ADB flaw. The reason is that it’s infecting numerous devices from a wide variety of manufacturers.
The attack started on January 21, 2018, and has increased recently. Based on the IP addresses, the largest numbers of infected devices are in China (around 40%) and South Korea (around 31%), according to the researchers’ estimate.
How to stay protected
To protect your Android device, be careful about the apps you use. Don’t install apps from any untrusted source, and be careful when installing apps from the Google Play Store as well. You can use a VPN or a firewall to block port 5555. The best option is to get a good antivirus for your Android. Check out the top Android antivirus from AV-Test.
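The two network signs described above, a device accepting connections on TCP port 5555 from outside and a device probing many other addresses on that port, can be looked for in firewall connection logs. The Python sketch below is an added example, not code from Kaspersky, Netlab or this article; the log format, the LAN range and the fan-out threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555  # TCP port the article says ADB.Miner targets

# Constructed sample log; assumed format: "<time> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>"
SAMPLE_LOG = """\
2018-02-05T10:00:01 203.0.113.7 192.168.1.50 5555 ALLOW
2018-02-05T10:00:02 192.168.1.20 192.168.1.1 53 ALLOW
2018-02-05T10:00:09 192.168.1.50 198.51.100.1 5555 ALLOW
2018-02-05T10:00:09 192.168.1.50 198.51.100.2 5555 ALLOW
2018-02-05T10:00:10 192.168.1.50 198.51.100.3 5555 DENY
2018-02-05T10:00:10 192.168.1.50 198.51.100.4 5555 ALLOW
2018-02-05T10:00:11 192.168.1.30 192.168.1.60 5555 ALLOW
2018-02-05T10:00:12 203.0.113.9 192.168.1.70 5555 DENY
malformed line
"""

def parse(line):
    """Return (src, dst, port, action), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].upper())
    except ValueError:
        return None

def analyze(log_text, lan="192.168.1.0/24", fanout=3):
    """Find LAN devices reachable on ADB from outside, and LAN hosts sweeping port 5555."""
    net = ipaddress.ip_network(lan)
    exposed = set()             # LAN devices that accepted ADB from a non-LAN source
    targets = defaultdict(set)  # LAN source -> distinct port-5555 destinations tried
    for src, dst, port, action in filter(None, map(parse, log_text.splitlines())):
        if port != ADB_PORT:
            continue
        if dst in net and src not in net and action == "ALLOW":
            exposed.add(str(dst))
        if src in net:
            targets[str(src)].add(dst)  # denied attempts still count as probing
    scanners = {h: len(d) for h, d in targets.items() if len(d) >= fanout}
    return {"exposed": sorted(exposed), "scanners": scanners}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A host that appears in both lists, like 192.168.1.50 in the sample, matches the worm pattern: reached on port 5555 from outside, then probing other addresses on the same port.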