360 Cyber Security Research Institute recently detected the world’s first bitcoin miner worm ADB.Miner on Android platforms. This malware can affect multiple smart TVs, TV boxes and set-top boxes which are operated by the ADB (Android Debug Bridge) switch. It is a newly emerged malware that could specially mine cryptocurrency via the android devices unlike traditional android virus. Shortly in 24 hours over 5,000 devices have been infected, and the number has increased to 7,000 by now. China and South Korea are among the hardest-hit areas.

Virus enter from your “gate”

ADB (Android Debug Bridge), bridges an android device with a PC end, allowing users to operate a device on the computer. It is a debugging interface provided by android system for the convenience of software developers who use this interface to enable USB debugging options. While in fact, this interface can be directly connected to a network port. In this context, an attacker can remotely operate an android device once it is connected to a network port.

Dstport 5555 is the work port of ADB interface on an android device. It is normally in OFF state, but if this port is mistakenly opened for unknown reasons, ADB.Miner then have access to invade users’ cell phone via this port.

The scan volume on dstport 5555 has reached up to three times of daily volume since 15:00 p.m. on Feb 3, and increased to 10 times at 24:00, which usually indicates the appearance of a new type of zombie, worm, or new network event. With further investigation, 360 Cyber Security Research Institute detected the ADB.Miner worm.

The Mira DDoS cyberattack causing internet outage on the US East Coast was first detected by the 360 cyber security institute in August 2016. And 360 was therefore publicly acknowledged by FBI after the case was solved.

Smart TV become mining machine

The blockchain technology and cryptocurrency frenzy have made cryptocurrency price go high all the way and triggered the recent crypto mining mania. Apart from the normal mining by mining machines, some wily guys plotted the idea of making a fortune by spreading bitcoin miner virus to turn users’ ordinary mobile phones into mining machines at zero cost.

From 2013 to January 2018, 360 Labs have captured more than 1,200 miner Trojans invaded in android platform, according to a recent report on bitcoin miner Trojans detected on android platform by 360 Labs. In January 2018, nearly 400 miner Trojans were captured on the android platform, accounting for nearly a third of the total Trojan on the android platform. It can be seen that miner Trojan on android platform is showing explosive growth.

Malware ADB.Miner has greatly increased the speed of virus spread.

The ADB.Miner worm find way in directly through the ADB interface rather than social networking lures through “SMS or spam”. The ADB interface has a lot of functions including file upload and shell instructions, by which the reproduction and operation of the worm is facilitated. When it is spread, ADB.Miner multiplexes the code of the SYN scan module in MIRAI in an attempt to speed up the detection of the openness of port 5555. It is noteworthy that this is also the first time MIRAI’s code be used in malicious code on Android devices.

How to avoid being a “free miner”?

Once infected by ADB.Miner, user’s Android devices will become a mining machine, and a lot of internal resources will be maliciously occupied with power consumption incredibly surging, resulting in Android device’ operating slow and being hot. If the malware continues to mine, user’s cellphone battery is most likely to be damaged. What’s worse, it also has root privileges, which means your cellphone will expose to more serious security risks.

Experts with 360 Cyber Security Institute suggest that,