Trend Micro Detects Crypto-Mining Botnet Exploiting Android Devices

A new crypto-mining botnet has made its way onto Android devices, allowing hackers to take control of a user's device or computer to mine digital currency. Monero is usually the target of the attackers' attention because of its quasi-anonymous properties. The user is unaware that their device has been taken over and is being used for mining.

Unfortunately, that does not matter to the hackers, who exploit a device's energy to mine new coins and earn a massive profit while leaving the owner with nothing but soaring energy bills. It is an unfair situation in various ways and one that seems to be spreading rapidly across the crypto arena.

Cybersecurity firm Trend Micro discovered the botnet, which has allegedly spread to about 21 nations and is most active in South Korea.

“Any system that has connected to the original victim being attacked via SSH is likely to have been listed as a ‘known’ device on its operating system. Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange. Each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections,” Trend Micro stated.

The botnet operates by exploiting open ADB ports on Android devices. These ports exist on Android phones, but many devices do not ship to customers with them enabled. Those that do are at risk, however, since open ADB ports do not require authentication by default. That lets the botnet enter the device and spread to every known network via SSH connections.

The botnet then scans the host device and its connected networks and issues a command that downloads its malware to the target system. Permission settings are discarded, along with any evidence indicating the presence of the malware.
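A defensive check for the unauthenticated-ADB exposure described above, added here as an illustration and not code from Trend Micro or the article: it speaks the public ADB wire protocol to a device you administer and reports whether adbd answered the connect request with CNXN (session accepted with no key exchange) or AUTH (RSA key required). The protocol constants and the assumption that the device runs an unmodified adbd are mine; host and port are whatever you point it at.

```python
import socket
import struct

# ADB wire-protocol constants (public; assumption: device runs an unmodified adbd).
A_CNXN = 0x4E584E43   # b"CNXN": session accepted
A_AUTH = 0x48545541   # b"AUTH": device demands RSA key authentication
A_VERSION = 0x01000000
MAX_PAYLOAD = 4096
HEADER = struct.Struct("<6I")  # command, arg0, arg1, length, checksum, magic

def build_message(command, arg0, arg1, payload=b""):
    """Serialize one ADB message: 24-byte header followed by the payload."""
    checksum = sum(payload) & 0xFFFFFFFF
    magic = command ^ 0xFFFFFFFF
    return HEADER.pack(command, arg0, arg1, len(payload), checksum, magic) + payload

def parse_header(raw):
    """Decode a 24-byte ADB header; reject data whose magic does not match."""
    command, arg0, arg1, length, _checksum, magic = HEADER.unpack(raw[:HEADER.size])
    if magic != (command ^ 0xFFFFFFFF):
        raise ValueError("not an adbd reply: bad magic")
    return command, arg0, arg1, length

def classify_reply(raw):
    """Turn the device's first reply into an audit verdict plus its identity string."""
    command, _, _, length = parse_header(raw)
    payload = raw[HEADER.size:HEADER.size + length]
    identity = payload.split(b"\0", 1)[0].decode("ascii", errors="replace")
    if command == A_CNXN:       # adbd connected without asking for a key
        return "unauthenticated", identity
    if command == A_AUTH:       # adbd wants a signed token before doing anything
        return "auth_required", identity
    return "unknown", identity

def _recv_exact(sock, n):      # read exactly n bytes or fail loudly
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("adbd closed the connection")
        buf += chunk
    return buf

def audit_adb_port(host, port=5555, timeout=3.0):
    """Open a session to a device you administer and report whether auth is enforced."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_message(A_CNXN, A_VERSION, MAX_PAYLOAD, b"host::\0"))
        head = _recv_exact(sock, HEADER.size)
        _, _, _, length = parse_header(head)
        return classify_reply(head + _recv_exact(sock, length))
```

An `unauthenticated` verdict on a device reachable over the network is exactly the condition the article describes; switch adbd back to USB-only with `adb usb` and keep TCP debugging off on anything that leaves the lab.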

This type of malware is becoming more prevalent. The shutdown of Outlaw and similar operations that target computer networks is welcome, but their existence undermines the legitimacy the cryptocurrency ecosystem is continually working to build.