Saturday, December 7, 2024
HomeCryptocurrency hackAndroid Based Malicious CryptoMiner Spreading by Worm that has Infected more than...

Android Based Malicious CryptoMiner Spreading by Worm that has Infected more than 5,000 devices in 24 hours

Published on

SIEM as a Service

A malicious code that reuses Mirai bot spreading by a worm to mine Monero cryptocurrency and this is the first time Android worm reuse Mirai bot.

The infection spreads by scanning the 5555 adb port using the malicious code and this port is used by adb debug interface on Android.

This port should basically shut down on an android device but some case unknown part of the cause led to the wrong port opened.

- Advertisement - SIEM as a Service

Also Read Cryptocurrency Mining Smominru Botnet Infected more than 500,000 Windows Machines

Devices Infected – Android worm

This Android worm is spreading very actively more than 5,000 devices in 24 hours and it directly infects on adb debug interface in Android and it’s rapidly increasing its traffic.

Based on the initial analyze South Korea and China has reported the major infections especially smartphones, as well as smart TV set-top boxes.

Android worm
According to netlab.360 , the scan traffic on port 5555 starts around 15:00 pm, reaches 3 times the daily background data, and reaches 10 times around 24:00. To date, the number of IPs initiating scanning and the total scanning traffic are still growing.

Mainly affected devices are adb debug interface Android devices and malicious code found that most of the source device based on the Android operating system.

Also, the malicious code contains a script that clearly indicates that it trying to mining Monero.

  • Mine Pool Address: pool.monero.hashvault.pro: 5555 or pool . Minexmr . Com
  • Wallet address (mine account): 44XT4KvmobTQfeWa6PCQF5RDosr2MLWm43AsaE3o5iNR
    XXTfDbYk2VPHTVedTQHZyfXNzMn8YYF2466d3FSDT7gJS8gdHAr
  • Pond password: x

We initially highly suspected that the sample had a worm-like spread. Subsequent analysis confirmed the above speculation from several aspects. Follow-up We may release an update to further illustrate this point. netlab said.

Starting February Smominru botnet affects more than 526,000 windows servers and nodes are distributed worldwide and predominantly in Russia, India, and Taiwan.

The botnet approximately mines 24 Monero every day and researchers said most of them are windows servers that impact critical business infrastructure.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials

Researchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Beware Of Malicious PyPI Packages That Inject infostealer Malware

Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

North Korean Hackers Employing New Tactic To Acruire Remote Jobs

North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their...