Home > News

A Mining Botnet Has Affected 5,000 Android Users in Just 24 Hours

By Laura Tucker
A Mining Botnet Has Affected 5,000 Android Users in Just 24 Hours Featured Image

If you have an Android phone, you may want to be extra careful. A malware creator has figured out an all new way to infect devices. It mines digital coins for the attackers using your Android device. It’s quickly taking over as well, as 5,000 users have been affected by this mining botnet within a 24-hour time period.

If you have Internet port 5555 open, it can happen to you, too.

The Takeover

news-android-mining-botnet-takeover

This particular malware is said to have worm-like capabilities. Because of that, it can spread with or without you, according to the Chinese security firm Netlab’s researchers.

Affected Android devices scan networks looking for other Android devices that have port 5555 open. It’s normally a closed port, but the Android Debug Bridge developer tool opens it for diagnostic tests.

Infected Android devices from 2,750 unique IPs scanned Netlab’s laboratory after the botnet became active, and that all happened in just the first 24 hours. This was particularly alarming to the researchers, as they knew it meant that the malware was moving really quickly.

“Overall, we think there is a new and active worm targeting Android systems’ ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours,” wrote the researchers. “Those infected devices are actively trying to spread malicious code.”

The researchers are also trying to be very careful at this point. They don’t want to give out too much information on how this was done, as they’re afraid of other attackers coming along and trying to do the same thing.

The Mining App

news-android-mining-botnet-mining

It’s not enough for the attackers to just take control of your device. They want to do a certain amount of evil with it as well.

They download an app to the devices that causes them to mine Monero, a digital coin. It’s unknown what effect the mining has on the device, but Monero mining apps have been known to physically damage Android devices.

All this work though in that 24-hour window hasn’t been too beneficial. So far the attackers have only gained about $3 for all their troubles.

What is not known is how exactly the attackers are carrying out this attack since the researchers aren’t publishing all the details. What they did allude to, however, is that it seems to only happen on devices with port 5555 open.

What Can You Do?

Since port 5555 is left open by debugging tools, it’s being suggested that you leave the debugging tools turned off, as that will keep port 5555 closed, as this malware won’t have an access point. And if you have to use Android Debug Bridge, just make sure you turn it off when you’re done.

Were you one of the 5,000 Android users that were infected or are you worried that you could become infected? Add your comments below.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar
Laura Tucker
Laura has spent more than 20 years writing news, reviews, and op-eds, with the majority of those years as an editor as well. She has exclusively used Apple products for the past 35 years. In addition to writing and editing at MTE, she also runs the site’s sponsored review program.

Read next

When the SS Great Eastern laid the first working transatlantic telegraph cable in 1866, a message that had taken ten days by steamship suddenly crossed the ocean in minutes, and the financial markets of London and New York were forced, within a single trading week, to invent the modern concept of synchronised global price.
From below of blue starry sky over radio telescope and trees with leaves
The Big Ear telescope was scanning at 1420.4056 megahertz on the night of 15 August 1977, the exact frequency at which hydrogen atoms vibrate across the universe, because Giuseppe Cocconi and Philip Morrison had argued years earlier that any species trying to be found would broadcast on that channel — and then, for 72 seconds, something did.
In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.
A contemplative scene with two scientists in a vintage laboratory setting.
When Harvard astronomer Cecilia Payne submitted her 1925 doctoral thesis arguing that the Sun was made almost entirely of hydrogen, the field’s senior figure Henry Norris Russell talked her into adding a line calling the result ‘almost certainly not real,’ and then published the same conclusion himself four years later to widespread acclaim.
When seismic waves from the Chicxulub impact reached what is now North Dakota roughly ten minutes after the asteroid struck, they appear to have triggered a ten-metre standing wave in an inland river that flung fish onto the bank and buried them under glass beads still falling from the sky.