The botnet is aimed primarily at port 5555, used by Android Debug Bridge (ADB) - an Android component that represents access to various functions of the system. Starting from Saturday, February 3, when the bot was launched, the number of victims increased rapidly every day. Already on Monday, February 5, 7,400 infected devices were detected.
"The number of scanning sources doubles every 12 hours. Now we are only watching how much this botnet can grow, "said Jiming Gong, director of the research laboratory Network Security Research company Qihoo 360, the first to detect the virus.
According to experts, ADB.miner scans port 5555 with 7,400 unique IP addresses (infected devices). Before the virus, this port was not included even in the top ten most scanned by the version of Netlab, and now it has risen to the fourth place. Most of the affected users are in China (about 40%) and South Korea (about 30%). According to the director of Network Security Research, the botnet, for the most part, infected the set-top boxes, not smartphones.
The creators of ADB.miner borrowed the code from Mirai, a group of malicious programs based on Linux, which previously focused only on network devices and the Internet of things.
It's important to note that all Android gadgets are shipped with the ADB port disabled. Infected with this botnet device - those in which manufacturers or users activated port 5555 manually.
Huuuh Aigooo! They should resolve all issues.. And get everything in good condition.. Thanks for the info.
ReplyDeleteHmmmm this miners, well let the issue be resolved, for normalcy
ReplyDelete