Android devices targeted by new botnet

Android devices targeted by new botnet

There is a new botnet targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency, Bleeping Computer reported.

The botnet came to life on February 3, and is targeting port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB), a debugging interface that grants access to some of the operating system's most sensitive features.

Only devices running the Android OS have been infected until now, such as smartphones, smart TVs, and TV top boxes, according to security researchers from Qihoo 360's Network Security Research Lab [Netlab] division, the ones who discovered the botnet, which the named ADB.miner.

Currently, Netlab has detected ADB.miner scans coming from nearly 7,400 unique IP addresses, based on public data collected by Netlab's Scanmon system.

Most IP addresses scanning for other devices (meaning they are already infected) are located in China (~40%) and South Korea (~30%).