EMERGING TECH
EMERGING TECH
EMERGING TECH
Rapidly spreading cryptomining botnet targets Android phones and smart TVs
A new botnet that targets Android devices to mine for cryptocurrency is spreading rapidly in the wild, just days after more than a half-million Windows personal computers were reported hijacked by the Smominru botnet for similar purposes.
The new botnet, dubbed ADB.Miner by security researchers at Qihoo 360 Netlab, uses a wormlike process to spread itself across Android devices, including phones, smart TVs and TV settop boxes. The script behind the botnet targets port 5555 using a developer tool known as Android Debug Bridge, a debugging interface that grants access to some of the operating system’s most sensitive features.
Once inside a device, ADB.Miner installs an app that causes the device to mine for the Monero cryptocurrency while also attempting to propagate itself by scanning for other Android devices connected to the same network. As of Sunday, the security researchers said, they have detected 7,400 unique IP addresses using the code to mine from Monero. That’s up by more than 5,000 in just 24 hours, meaning that potentially the botnet today could be far larger yet.
The new botnet is believed to be the first time Android devices have been targeted with code based on the Mirai, a strain of malware previously used to create “internet of things” botnets. The first case of Mirai being used to mine for cryptocurrencies was spotted last year when IBM Corp.’s X-Force threat intelligence group discovered a Mirai variant mining bitcoin via IoT devices running BusyBox software.
As SiliconANGLE reported recently, cryptomining is the hottest thing in cybercrime right now, with many victims unaware they’ve been affected. Perhaps indicating just how quickly the cryptomining hacking marketplace is evolving, Alex Vaystikh, chief technology officer at SecBI Ltd., told SiliconANGLE that cryptomining software is delivered in two basic forms: by conventional malware spread through email attachments and by a user clicking on a malicious link.
Three days later, it’s clear the situation is even worse, since ADB.Miner spreads itself without any user interaction at all.
Photo: 143601516@N03/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
