
In just 24 hours, 5,000 Android devices are conscripted into mining botnet - tolien
https://arstechnica.com/information-technology/2018/02/out-of-nowhere-currency-mining-botnet-infects-5000-android-devices/
======
maltalex
> So far, the attackers have generated 0.0171757089 XMR, which at current
> prices is worth about $3.

------
orb_yt
Anyone care to guess how this is done?

The only way to open up ADB over a wireless connection is to set the device in
tcpip mode on port 5555 and then connect via adb using the device's IP and the
mentioned port.

However, adb is not shipped on Android devices (though adbd is). How is it
that a malicious device can install an application on another device as
claimed by the article?

~~~
laken
My (possibly uneducated) guess is that these particular infected devices are
insecure out of the factory, with these ports open and debugging enabled.

It's not unheard of for certain shoddy Chinese electronics to have glaring
security holes out-of-the-box, and a lot of these types of botnets go after
insecure IoT devices. A decent section of the IoT market uses Android, and it
wouldn't surprise me if these ports are left open with the debugging
installed.

