• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 20th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
News

Monero Mining Malware Infecting Android Smart TVs & Smartphones

February 17th, 2018 Waqas News 0 comments
Monero Mining Malware Infecting Android Smart TVs & Smartphones
Share on FacebookShare on Twitter

The malicious Monero mining campaign is spreading fast through ADB.miner to target Android devices.

The IT security researchers at a Chinese information security firm Netlab have revealed that the ADB.miner malware also called Android.CoinMine.15 is spreading at an excessively fast pace. Researchers have noted that its activity is at its peak at the moment with the number of infected devices getting doubled every passing day.

According to their blog post, a majority of these infected devices are smart TVs probably because these devices use ADB (Android Debug Bridge) for uninterrupted internet connections. However, smartphones, set-top boxes, media players, routers, tablets and receivers along with the Android-based single-board computer Raspberry Pi 3 are also potential targets since all of them use network debugging.

This Android Trojan performs Monero cryptocurrency mining and can easily infect other devices; it infects Android devices using an open port 5555 that is used by the ADB. It is distributed via the Droidbot.apk application with the files nohup, sss, and bot.dat, which are installed on an infected host through another infected device.

Monero Mining Malware Infecting Android Smart TVs & Smartphones

The sss file is executed using the nohup utility where the file serves as a daemon and extracts other Trojan components from bot.dat. These components include a JSON configuration file, a copy of the droidbot Trojan program and miner applications both for 32-bit and 64-bit operating systems. After being launched, droidbot produces a random IP address and attempts to create a connection with the port 5555 through creating an infinite loop, which infects the targeted device by exploiting the ADB debugger’s interface.

Additionally, a separate thread is created where a miner application is launched; this application is designed to mine Monero cryptocurrency. Through mining operation, the device’s performance is significantly reduced as it will get overheated and the battery will be drained rapidly.

It must be noted that the ADB debugger is originally disabled in a majority of Android devices but some vendors choose to enable it; it can also be enabled manually by a user and developers also use the debugging mode frequently. Around 8% of the devices have the debugging mode enabled; this means 8% of all the android devices are potentially at risk.

After getting infected, the compromised TV boxes and Android smartphones search networks for other devices having the Internet port 5555 open, which usually is closed but the ADB tool enables it to carry out a series of diagnostic tests. Netlab’s laboratory was scanned by 2,750 unique IPs in the initial 24 hours after the botnet was launched. This is why researchers believe that the malware is spreading at an alarmingly high rate.

“Overall, we think there is a new and active worm targeting Android systems’ ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours. Those infected devices are actively trying to spread malicious code,” wrote the researchers from Netlab.

  • Tags
  • Android
  • Bitcoin
  • Cryptocurrency
  • Cryptojacking
  • Cyber Crime
  • Fraud
  • Malware
  • Monero
  • Scam
  • Smartphones
  • TROJAN
Facebook Twitter LinkedIn Pinterest
Previous article TrickBot Variant Steals Bitcoin by Hijacking Cryptocurrency Transactions
Next article Austria seeks Interpol's help to bust Bitcoin scammers who stole $115M
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
The Evolution and Development of Hacking

The Evolution and Development of Hacking

Google reveals details on active vulnerability affecting Windows 10, 7

Google reveals details on active vulnerability affecting Windows 10, 7

Ransomware group donates $20,000 in BTC to two charities

Ransomware group donates $20,000 in BTC to two charities

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

22
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

47
Malwarebytes says it was also breached by SolarWinds hackers
Hacking News

Malwarebytes says it was also breached by SolarWinds hackers

60

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us