This script downloads the two stage 2 shell scripts responsible for launching the stage 3 binary,” Trend Micro explains. It drops the stage 1 shell script via ADB connection to launch on the targeted system. “From our analysis of the network packets, we determined that the malware spreads via scanned open ADB ports. The security firm has observed a spike in activity on July 9-10, when network traffic came mainly from China and the US, followed by a second wave on July 15, primarily involving Korea. Now, Trend Micro says a new exploit is targeting port 5555. In early 2018, a worm leveraging a modified version of Mirai’s code was searching for devices with open port 5555 to spread for crypto-mining purposes. Scanning attacks specifically targeting the ADB port have been seen since January. Last month, however, security researcher Kevin Beaumont revealed that many devices ship with ADB enabled, which leaves them exposed to attacks. The ADB port is meant to be disabled on commercial devices and to require initial USB connectivity to be enabled. ![]() ![]() TCP port 5555 is designed to allow management of devices via Android Debug Bridge (ADB), an Android SDK feature that allows developers to easily communicate with devices and to run commands on them or fully control them. A wave of attacks is targeting Android devices with port 5555 open, likely in an attempt to ensnare them into a botnet, Trend Micro warns.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |