- A man found a camera in his Airbnb and the company didn’t seem to care 11 Months Ago
- A redditor planted an Easter egg in Hulu’s Fyre Fest doc 11 Months Ago
- This new revelation about Woody from ‘Toy Story’ will blow your mind 11 Months Ago
- Dave Rubin fails to delete Patreon on livestream to delete Patreon Today 1:14 PM
- The ‘some of y’all… and it shows’ meme is taking over Twitter Today 12:24 PM
- ‘Star Trek: Discovery’ begins season 2 on a cheerful note Today 11:49 AM
- Climate change memes are disrupting the feel-good ’10 year challenge’ Today 11:48 AM
- Mysterious Washington Post parody predicts Trump’s resignation Today 11:42 AM
- YouTube cracks down on challenges, pranks Today 11:04 AM
- Upskirting will soon be illegal in England Today 10:45 AM
- Jake Paul calls Keemstar a ‘piece of trash’ for ‘body-shaming’ Erika Costell Today 10:18 AM
- Sprint promises to stop selling location data after outcry Today 9:53 AM
- Kirsten Gillibrand announces presidential bid—and Al Franken diehards are salty Today 9:49 AM
- How to watch ‘Married at First Sight’ online for free Today 9:43 AM
- There are already memes for ‘Spider-Man: Far From Home’ Today 9:00 AM
Asif Islam/Shutterstock (Licensed)
The malware is infecting smartphones and televisions.
Dubbed “ADB.miner,” the malicious code attacks internet port 5555, a command-line tool used for debugging, installing apps, and other purposes. While the rarely used port is normally closed, a developer tool called Android Debug Bridge can open it to run diagnostics tests. For those who aren’t familiar, a botnet is a network of devices compromised by a malware the enables cybercriminals to remotely command them without the owners’ knowledge.
What’s most concerning about ADB.miner is that it contains sections of code derived from the Mirai botnet, one of the most feared malware in existence. The Mirai botnet, which we now know was made to gain an advantage in the platforming game Minecraft, took down popular online services, including Twitter, Netflix, Spotify, and Reddit in 2016 after it successfully ambushed Dyn, a company that provides domain name services to major websites. Netlab 360 says this is the first it’s seen Mirai code used on an Android bot.
So far, between 2,750 and 5,000 devices—mostly Android smartphones and televisions—were infected in China and South Korea. Netlab 360 said the malware has “worm-like” qualities that allow it to proliferate without human interaction.
“Overall, we think there is a new and active worm targeting Android systems’ ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours,” Netlab wrote in its report. “Those infected devices are actively trying to spread malicious code.”
The researchers are not disclosing information about infected devices, presumably to avoid giving copycat hackers what they need to further exploit the vulnerability. It’s also not clear what impact the malware has on devices aside from launching a cryptominer. In past cases, Monero-mining software has taken advantage of its host’s CPUs, causing them to slow or even shut down.
It’s not easy to offer advice on how to protect yourself from the malware since Netlab hasn’t said how it finds its way onto systems. However, developers should make sure the 5555 port on their devices is closed. Also, it’s always best practice to regularly change your passwords and download reliable anti-virus software.
We have reached out to Google and will update this article if we hear back.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.