BSV
$53
Vol 32.7m
-7.91%
BTC
$96235
Vol 48942.78m
-2.32%
BCH
$447.84
Vol 404.03m
-3.96%
LTC
$99.2
Vol 948.19m
-5.75%
DOGE
$0.31
Vol 6402.57m
-9.33%
Getting your Trinity Audio player ready...

A new cryptocurrency mining malware has been targeting Android devices, Trend Micro has reported. The Tokyo-based cybersecurity and defense company revealed that the new botnet malware is exploiting Android Debug Bridge (ADB) ports.

ADB is a command-line debugging application that Android developers use to resolve defects on their Android applications.

The new malware has been spreading fast, with Trend Micro detecting it in over 20 countries. It’s most prevalent in South Korea, a report by CoinDesk revealed.

By default, ADB ports don’t require authentication. Once a user installs them on their device, they can spread to any system that the device has previously shared an SSH connection with. SSH connections are widely used by developers to gain access to remote computers, even over an unsecured network.

The researchers explained, “Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange, each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.”

The malware begins by updating the working directory to a .tmp file. These types of files are designed to execute without requiring the granting of special permissions. The malware then downloads three different crypto miners to a device. It detects which miner is most optimized for the device, factoring in the manufacturer, the hardware and the processor type of the device.

The botnet covers its trail brilliantly, Trend Micro revealed, stating, “Lastly, it employs an evasion technique that involves deleting the downloaded files. After spreading to other devices connected to the system, it deletes its payload files, removing the traces on the victim host.”

The Trend Micro researchers further found that the invading script, which introduces the miners, enhances a device’s memory by enabling HugePages. This memory enhancement tool enables the device to support pages greater than its default size, optimizing the mining process.

Additionally, if the botnet finds other mining programs to be using the device’s resources, it attempts to kill them off or invalidate them.

To protect themselves, Android users should check and change default settings to increase security, update their devices firmware and keep up to date with all the new tricks that the attackers are using, Trend Micro recommended.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement