A new cryptocurrency mining malware has been targeting Android devices, Trend Micro has reported. The Tokyo-based cybersecurity and defense company revealed that the new botnet malware is exploiting Android Debug Bridge (ADB) ports.
ADB is a command-line debugging application that Android developers use to resolve defects in their Android applications.
The new malware has been spreading fast, with Trend Micro detecting it in over 20 countries. It’s most prevalent in South Korea, a report by CoinDesk revealed.
By default, ADB ports don’t require authentication. Once installed on a device, the malware can spread to any system that the device has previously shared an SSH connection with. SSH connections are widely used by developers to gain access to remote computers, even over an unsecured network.
The researchers explained, “Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange, each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.”
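The following is an added example, not code from Trend Micro or the original report: a defensive audit that counts how many of a machine's previously trusted SSH peers are stored in readable form. It assumes the "known device" trust described above is recorded in an OpenSSH `known_hosts` file; the sample file content, host names and keys are constructed placeholders.

```python
# Audit an OpenSSH known_hosts file: which trusted peers are stored in
# plaintext (readable by anything running as the user) versus hashed?
# SAMPLE_KNOWN_HOSTS is constructed for illustration; keys are placeholders.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
build01.example.internal,10.0.0.5 ssh-ed25519 AAAAC3ConstructedKeyA
[git.example.internal]:2222 ssh-rsa AAAAB3ConstructedKeyB
|1|c2FsdHNhbHRzYWx0c2FsdHM=|aGFzaGhhc2hoYXNoaGFzaGg= ssh-ed25519 AAAAC3ConstructedKeyC
@cert-authority *.example.internal ssh-ed25519 AAAAC3ConstructedKeyD
@revoked old.example.internal ssh-rsa AAAAB3ConstructedKeyE
"""


def audit_known_hosts(text):
    """Return {'hashed': count, 'plaintext': [(line_no, host, port), ...]}."""
    report = {"hashed": 0, "plaintext": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):
            if fields[0] == "@revoked":
                continue                  # revoked key, not a trust entry
            fields = fields[1:]           # drop @cert-authority marker
        if len(fields) < 2:
            continue                      # malformed line
        for host in fields[0].split(","):
            if host.startswith("|1|"):
                report["hashed"] += 1     # HashKnownHosts entry: name not recoverable
            elif not any(c in host for c in "*?!"):
                name, port = host, 22
                if host.startswith("[") and "]:" in host:
                    name, _, p = host[1:].partition("]:")   # [host]:port form
                    port = int(p)
                report["plaintext"].append((line_no, name, port))
    return report


if __name__ == "__main__":
    result = audit_known_hosts(SAMPLE_KNOWN_HOSTS)
    print(f"hashed entries: {result['hashed']}")
    for line_no, name, port in result["plaintext"]:
        print(f"line {line_no}: plaintext peer {name} port {port}")
```

Plaintext entries can be converted in place with `ssh-keygen -H`, and `HashKnownHosts yes` in `ssh_config` hashes new ones as they are added.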
The malware begins by updating the working directory to a .tmp file. These types of files are designed to execute without requiring special permissions. The malware then downloads three different crypto miners to the device. It detects which miner is best optimized for the device, factoring in the manufacturer, the hardware and the processor type of the device.
The botnet covers its trail brilliantly, Trend Micro revealed, stating, “Lastly, it employs an evasion technique that involves deleting the downloaded files. After spreading to other devices connected to the system, it deletes its payload files,