Dubbed ADB.Miner by 360 Netlab is a new type of malware recently discovered to be infecting Android devices through a port linked with a debugging tool for the OS, according to researchers at Qihoo 360 Netlab.

This malware incorporates advanced port scanning module of notorious malware Mirai, gaining access to Android devices, mostly smartphones, and TV boxes. It exploits a vulnerability in Android Debug Bridge, a command-line tool that is used for debugging, installing apps and other purposes.

It is predominantly affecting devices in China and South Korea, but 360 Netlab is not identifying any of them at this time. “Overall, we think there is a new and active worm targeting android system’s adb debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours,” Wang wrote. In fact, 5555 port scanning traffic has hit the top 10, according to 360 Netlab’s own scanning data.

ADB communicates with devices via USB, but it is also possible for it to use WiFi, according to Android documentation. The botnet propagates itself in “worm”-like fashion, looking for open 5555 ports on other devices, most of which are Android-based, 360 Netlab researcher Hui Wang said in a blog post.

The botnet is distributing malicious code that is mining Monero coins, but as of yet none have been paid out, according to Wang.

The operators of the botnet are using the following Monero wallet address:

44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNRXXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr





Here are a few tips to ensure your Android-devices are protected from crypto-mining malware: