Beware! Another Cryptojacking Malware is Spreading

Posted by Gulf South Technology Solutions on Feb 19, 2018 11:00:00 AM


        Are you familiar with the malware called Loapi? It can literally burn your smartphone to the ground. Loapi was nicknamed the "jack of all trades" of mobile malware. It can be adware. It can turn your phone into a botnet for DDoS attacks. It can do premium text scams, but most importantly, it can cryptojack your gadget. 

What is Cryptojacking?                                                                                                    It's a new method for hackers to generate revenue for themselves at your expense. Since cryptomining consumes tons of electrical energy, fraudsters love sourcing out this activity to others. Instead of putting up server farms dedicated to cryptomining, they would rather steal your computing resources to do the heavy lifting for them. They can do this by installing cryptomining malware secretly on your phone of computer. Think of it as being similar to a botnet, except it's used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.

New Mobile Cryptojacker Spotted                                                                                Cryptojacking is a growing problem. It's a new threat that can impact Windows machines, Internet-of-Things appliances, and Android gadgets. It's getting more popular as we speak. In fact, security researchers from Chinese security company Qihoo 360 Netlab have recently discovered a new form of mobile cryptojacking malware. The malware, name ADB Miner, is an Android worm that scans vulnerable gadgets on the web, then infects them with hidden cryptomining software.                                                                      ADB Miner is said to be using the same scanning code as Mirai. If you may recall, Mirai was used to launch the massive botnet attacks of 2016 that crippled the Dyn DNS servers. It searches for the IP addresses of vulnerable gadgets, including Android based smartphones, tablets, smart TVs and set-top boxes that have publicly accessible Android Debug Bridges (ADB).                                                                                                                                  Android ADB is a command line tool used for a variety of tasks including installing and debugging apps. Using the same techniques as Mirai, ADB Miner searches for gadgets with open 5555 ports and accessible ADB interfaces. If successful, the malware proceeds to infect the Android gadget with software that mines the cryptocurrency called Monero.                        Why is cryptojacking dangerous for your gadget? Well, it can make your gadget work overtime, relentlessly straining your gadget's processor and cause it to overheat. It can also use up your data bandwidth without your knowledge. And that's not all. Aside from secretly installing cryptomining software, the malware also scans the internet fro more victims it can infect. It's exactly how a virus is supposed to operate.                           Netlab researchers note that the infections were first spotted in January 2017 and the number of victims have increased steadily. As of February 4th, they have already detected 7,400 IP addresses using the Monero cryptomining code. Based on the IP addresses, it looks like the majority of victims are from China and South Korea, but due to wormable features of ADB miner, it can spread globally quickly.

How to protect your Android Gadgets from ADB Miner:                                         Make sure your gadget's ADB interface is disabled. All Android gadgets have ADB port 5555 closed anyway, so if you haven't enabled it manually you should be fine. It's also a good idea to put your network behind a firewall. Most routers have basic firewalls that will let you disable ports. As usual, beware of installing apps straight off the web and not from the official Google Play Store. Look out for surprise app permission requests that might pop out and never grant them! Make sure you enable Android's real-time security program, Google Play Protect. It certainly will be a huge help in containing malicious apps before they can cause damage. Beware! Another Cryptojacking Malware is Spreading. February 7, 2018. Francis Navarro. WestStar Multimedia Entertainment, Inc.Cryptojacking Malware is Spreading



Topics: Malware, Cryptojacking, cyberthreats, #protectyourself, #smartcomputers, smartphones