Thousands of Android Devices Affected by Monero Mining Malware

Feb 08 2018

Over the past few years, there has been a significant rise in cryptocurrency-related crimes. While in the past these ‘crimes’ were all about hacks, ransomware and thefts, malware is now on the rise too. Security researchers from China have now found an Android-based cryptocurrency mining malware, which mines for Monero (XMR) using the processing power of unsuspecting users’ smartphones.

Researchers from China’s 360Netlab have reported finding a malware called ‘ADB.Miner’, which uses the phone’s hardware to mine for Monero. The malware spreads by exploiting open port 5555 on vulnerable devices. The report from the Chinese researchers finds that over 7,000 devices have been infected. The malware affects not only Android smartphones but also tablets and set-top boxes.

“The 5555 ADB interfaces of those devices have already been opened before [they’re] infected. We have no idea about how and when this port was opened yet,” the report states.

According to the Chinese researchers who discovered the ADB.Miner malware, it contains code from the Mirai Botnet. The Mirai Botnet is infamous for its attack on IoT devices last year. Millions of IoT devices were attacked using the DDoS attack last year. Moreover, there’s also a modified version of Mirai called Satori. Satori uses Satori.Coin.Robber to scan for devices operating as Ethereum mining rigs through port 3333.

Reports from 360Netlab indicate that this malware has largely been affecting devices from China and South Korea. An alarming statistic from the report reveals that the malware is spreading at a rapid speed. The number of scanned devices that are infected with this malware is doubling with every passing day.

Over the past few months, there has been a sharp rise in these kinds of attacks, where malware infects devices and causes them to mine for cryptocurrencies without their owners’ knowledge. While this one is being spread by malware on Android smartphones, there are many websites following a similar practice. When Monero is mined on a device using JavaScript on a website, the process is called ‘cryptojacking’.

Cryptojacking too has been on the rise of late. A number of websites are using the Coinhive JavaScript to mine for Monero on users’ PCs without their knowledge. ThePirateBay was among the biggest names to follow this practice. The same Coinhive script was modified and included in YouTube ads too, which caused a major controversy. Lately, this script was discovered in two of the biggest newspapers in India.

With cryptocurrencies providing more anonymity and privacy (especially Monero, which is a privacy-focused currency), they become a lucrative commodity for cybercriminals. Monero mining malware is on the rise, and users as well as security researchers need to be vigilant. If your CPU usage suddenly spikes without any apparent reason, you probably need to check whether there’s a secret cryptocurrency miner affecting your device.
