Cybersecurity firm warns against crypto mining malware on Android phones

June 24, 2019 | AtoZ Markets: Tokyo-headquartered cybersecurity firm TrendMicro has detected crypto mining malware on Android phones and other devices running that OS.

How does the detected crypto mining malware on Android phones work?

According to the TrendMicro report, the crypto mining malware uses the devices' Android Debug Bridge (ADB) port, a feature designed for resolving application defects on devices running Google's operating system, to infect users' smartphones and tablets.

As the cybersecurity company reports, the newly detected cryptocurrency-mining botnet malware can spread via SSH (Secure Shell), a cryptographic network protocol for operating network services securely over an unsecured network.

The malware design, according to TrendMicro, allows it to spread from the infected host to any system that has had a previous SSH connection with the host.

The IT company detected activity from the malware in 21 different countries, with the highest percentage found in South Korea.

As the report details, once the crypto mining malware is installed on an Android phone, it downloads 3 different miners, which are delivered by the same URL:

  • http://198[.]98[.]51[.]104:282/x86/bash
  • http://198[.]98[.]51[.]104:282/arm/bash
  • http://198[.]98[.]51[.]104:282/aarch64/bash

and activates the one that best suits the specific features of the smartphone or tablet, depending on its processor and memory, to get the best results.
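The three download URLs above can be turned into a proxy-log check. The following Python is an added example, not code from TrendMicro or this article; the log layout, client addresses and function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators exactly as listed in the article (defanged).
DEFANGED_IOCS = [
    "http://198[.]98[.]51[.]104:282/x86/bash",
    "http://198[.]98[.]51[.]104:282/arm/bash",
    "http://198[.]98[.]51[.]104:282/aarch64/bash",
]

def refang(url):
    """Turn a defanged indicator (hxxp, [.]) back into a matchable URL."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def normalise(url):
    """Reduce a URL to (host, port, path); None if the port is malformed."""
    parts = urlsplit(url.strip())
    try:
        port = parts.port
    except ValueError:
        return None
    return (parts.hostname or "").lower(), port, parts.path

IOC_KEYS = {normalise(refang(u)) for u in DEFANGED_IOCS}

# Assumed log layout: "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def find_miner_downloads(log_lines):
    """Return {client_ip: sorted architecture variants it requested}."""
    hits = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the run
        key = normalise(m.group(4))
        if key in IOC_KEYS:
            hits[m.group(2)].add(key[2].split("/")[1])  # x86 / arm / aarch64
    return {client: sorted(archs) for client, archs in hits.items()}

def fetched_all_variants(hits):
    """Clients that pulled every variant, the pattern the article describes."""
    return sorted(c for c, a in hits.items() if len(a) == len(IOC_KEYS))

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [f"2019-06-20T10:00:0{i}Z 10.0.0.12 GET {refang(u)} 200"
              for i, u in enumerate(DEFANGED_IOCS)] + [
    f"2019-06-20T10:05:00Z 10.0.0.40 GET {refang(DEFANGED_IOCS[1])} 200",
    "2019-06-20T10:06:00Z 10.0.0.51 GET http://example.com/arm/bash 200",
    "truncated line",
]
```

A client that requested all three architecture variants matches the download behaviour described in the report more closely than one that requested a single file.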

To optimize the mining activity, the virus enhances the affected device’s memory by enabling HugePages, which will help the system support memory pages that are greater than its default size.

If the malware detects that the user already uses some mining system, it simply deactivates it. Lastly, the crypto-mining botnet employs an evasion technique that involves deleting the downloaded files. After spreading to other devices connected to the system, the malware deletes its files, removing the traces on the victim host.

About TrendMicro and cybersecurity recommendations in brief

Founded in 1988, Trend Micro Inc. is headquartered in Tokyo and operates in more than 30 countries. The cybersecurity firm notes in its report that an enabled ADB might expose the device, and those connected to it, to the aforementioned crypto mining malware on Android phones.

The company recommends following the practices for defending against illicit cryptocurrency-mining activities and botnets, such as:

  • Checking and changing default settings when necessary
  • Updating device firmware and applying available patches
  • Being aware of methods attackers use to spread these types of malware and tailoring defenses against them
