A new cryptocurrency-mining malware that infects both Android smartphones and smart TV set-top boxes, dubbed ADB.Miner, has been discovered by Wang Hui, a researcher from the security firm 360NetLab. The firm has detected around 7,000 infected IP addresses, and almost 80 percent of these victims are in China and South Korea. ADB.Miner takes advantage of an open port 5555, a port that is usually closed on Android devices. However, the Android Debug Bridge (ADB) tool, a software tool commonly used to diagnose problems on an Android device, opens this port. The malware cannot open the port by itself, the researcher noted, which means that port 5555 on affected devices had already been opened before they were infected by ADB.Miner. After infecting a device with an open port 5555, the malware replicates itself and spreads to other Android devices that also have the port open. The firm noted that the malware is capable of doubling every 12 hours.
The security firm was able to collect nine sample files from the malware. One of the sample files, named droidbot, has the same code and structure as the SYN scanning module of the Mirai malware. The droidbot code, according to Wang Hui, executes an ADB command that replicates the malware. The firm noted that ADB.Miner does not have a command-and-control (C&C) server; instead, it transfers the cryptocurrency tokens mined on the infected devices to a single wallet address.
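Because an infected device spreads by sending SYNs to port 5555 on other hosts, that fan-out is visible in flow logs. The following is an added detection sketch, not code from 360NetLab or the article; the log format, addresses, window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADB_PORT = 5555                 # ADB-over-TCP port named in the article
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 5                   # assumed: distinct destinations per window

# Constructed flow records: "time src dst dport tcp_flags" (S = bare SYN)
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 192.168.1.23 198.51.100.1 5555 S
2024-01-01T10:00:02 192.168.1.23 198.51.100.2 5555 S
2024-01-01T10:00:03 192.168.1.23 198.51.100.3 5555 S
2024-01-01T10:00:04 192.168.1.23 198.51.100.4 5555 S
2024-01-01T10:00:05 192.168.1.23 198.51.100.5 5555 S
2024-01-01T10:00:06 192.168.1.23 198.51.100.6 5555 S
2024-01-01T10:00:07 192.168.1.23 198.51.100.9 443 S
2024-01-01T10:01:00 192.168.1.40 192.168.1.50 5555 S
2024-01-01T10:02:00 192.168.1.40 192.168.1.50 5555 S
2024-01-01T10:00:00 192.168.1.77 203.0.113.1 5555 S
2024-01-01T10:20:00 192.168.1.77 203.0.113.2 5555 S
2024-01-01T10:40:00 192.168.1.77 203.0.113.3 5555 S
2024-01-01T11:00:00 192.168.1.77 203.0.113.4 5555 S
2024-01-01T11:20:00 192.168.1.77 203.0.113.5 5555 S
"""

def find_adb_scanners(text, window=WINDOW, threshold=THRESHOLD):
    """Map each source to its peak count of distinct tcp/5555 SYN targets
    inside any sliding window, keeping only sources at or above threshold."""
    per_src = defaultdict(list)
    for line in text.strip().splitlines():
        ts, src, dst, dport, flags = line.split()
        if int(dport) == ADB_PORT and flags == "S":
            per_src[src].append((datetime.fromisoformat(ts), dst))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1          # slide the window forward
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            hits[src] = peak
    return hits

if __name__ == "__main__":
    for src, peak in find_adb_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: SYNs to {peak} distinct hosts on tcp/{ADB_PORT}")
```

In the constructed sample only 192.168.1.23 is flagged; the host that repeatedly connects to a single device and the host whose connections are spread over more than an hour stay below the threshold.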