Android Devices Become Target of a New Crypto Mining Malware

by Arnab Shome
  • The malware is spreading across devices using SSH.
Android Devices Become Target of a New Crypto Mining Malware
Pixabay
Join our Crypto Telegram channel

Cybersecurity firm Trend Micro has found a new crypto mining malware which is targeting vulnerable Android devices.

The botnet malware infiltrates the devices via Android Debug Bridge (ADB) ports, a system which is designed to resolve app defects in Android devices. It further spreads via SSH which allows it to affect all the devices which were previously connected to the infected host, let it be a mobile phone or an Internet-of-Things (IoT) device.

According to the cybersecurity company, the malware is affecting devices in 21 countries, among which, South Korea has the highest percentage of infected devices.

“We found that the IP address 45[.]67[.]14[.]179 connects to the ADB running device or system then conducts several activities,” Trend Micro explained. “The attack starts by using the ADB command shell to change the attacked system’s working directory to “/data/local/tmp”. This is because .tmp files typically have default permission to execute.”

The malware then executes an array of commands on the system to initiate mining and conceal itself from being discovered.

“The bot then determines the kind of system it has entered and whether the system is a honeypot or not, as indicated by the command ‘uname –a’,” the company added. “It then uses wget to download the payload, and curl if wget is not present in the infected system. The bot then issues the command “chmod 777 a.sh” to change the permission settings of the downloaded payload, allowing it to be executed.”

“Finally, when “a.sh” is executed, it is removed using the command “rm -rf a.sh*” to remove its traces.”

Can Cryptojacking be stopped?

With the rise of digital assets, crypto jacking has become common across all digital devices. In 2018, cybersecurity firm McAfee found a 4,000 percent increase in malicious crypto jacking attacks.

Earlier this month, Trend Micro also revealed that an URL that is being used to spread a Monero mining botnet bears a striking resemblance to a similar botnet created by the Outlaw hacking group. This shows infamous hacking groups' interest in crypto.

Last month, Finance Magnates reported that the developers of the infamous crypto mining malware Shelbot updated it to shut down other processes on infected devices to utilize more processing power for cryptocurrency mining.

Cybersecurity firm Trend Micro has found a new crypto mining malware which is targeting vulnerable Android devices.

The botnet malware infiltrates the devices via Android Debug Bridge (ADB) ports, a system which is designed to resolve app defects in Android devices. It further spreads via SSH which allows it to affect all the devices which were previously connected to the infected host, let it be a mobile phone or an Internet-of-Things (IoT) device.

According to the cybersecurity company, the malware is affecting devices in 21 countries, among which, South Korea has the highest percentage of infected devices.

“We found that the IP address 45[.]67[.]14[.]179 connects to the ADB running device or system then conducts several activities,” Trend Micro explained. “The attack starts by using the ADB command shell to change the attacked system’s working directory to “/data/local/tmp”. This is because .tmp files typically have default permission to execute.”

The malware then executes an array of commands on the system to initiate mining and conceal itself from being discovered.

“The bot then determines the kind of system it has entered and whether the system is a honeypot or not, as indicated by the command ‘uname –a’,” the company added. “It then uses wget to download the payload, and curl if wget is not present in the infected system. The bot then issues the command “chmod 777 a.sh” to change the permission settings of the downloaded payload, allowing it to be executed.”

“Finally, when “a.sh” is executed, it is removed using the command “rm -rf a.sh*” to remove its traces.”

Can Cryptojacking be stopped?

With the rise of digital assets, crypto jacking has become common across all digital devices. In 2018, cybersecurity firm McAfee found a 4,000 percent increase in malicious crypto jacking attacks.

Earlier this month, Trend Micro also revealed that an URL that is being used to spread a Monero mining botnet bears a striking resemblance to a similar botnet created by the Outlaw hacking group. This shows infamous hacking groups' interest in crypto.

Last month, Finance Magnates reported that the developers of the infamous crypto mining malware Shelbot updated it to shut down other processes on infected devices to utilize more processing power for cryptocurrency mining.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}