A new cryptocurrency mining malware has been targeting Android devices, Trend Micro has reported. The Tokyo-based cybersecurity and defense company revealed that the new botnet malware is exploiting Android Debug Bridge (ADB) ports.
ADB is a command-line debugging application that Android developers use to resolve defects on their Android applications.
The new malware has been spreading fast, with Trend Micro detecting it in over 20 countries. It’s most prevalent in South Korea, a report by CoinDesk revealed.
By default, ADB ports don’t require authentication. Once a user installs them on their device, they can spread to any system that the device has previously shared an SSH connection with. SSH connections are widely used by developers to gain access to remote computers, even over an unsecured network.
The researchers explained, “Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange, each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.”
The malware begins by updating the working directory to a .tmp file. These types of files are designed to execute without requiring the granting of special permissions. The malware then downloads three different crypto miners to a device. It detects which miner is most optimized for the device, factoring in the manufacturer, the hardware and the processor type of the device.
The botnet covers its trail brilliantly, Trend Micro revealed, stating, “Lastly, it employs an evasion technique that involves deleting the downloaded files. After spreading to other devices connected to the system, it deletes its payload files, removing the traces on the victim host.”
The Trend Micro researchers further found that the invading script, which introduces the miners, enhances a device’s memory by enabling HugePages. This memory enhancement tool enables the device to support pages greater than its default size, optimizing the mining process.
Additionally, if the botnet finds other mining programs to be using the device’s resources, it attempts to kill them off or invalidate them.
To protect themselves, Android users should check and change default settings to increase security, update their devices firmware and keep up to date with all the new tricks that the attackers are using, Trend Micro recommended.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.