With over 5000 infections the initial reports were that the ADB Cryptocurrency Miner worm was exploiting a flaw in Android’s implementation of ADB and that had some people running around screaming “oh noez!” fortunately that’s not what was happening although you might want to make sure you disable ADB for a bit.
What we’ve got is a malicious worm that targets certain Android devices with ADB running and available for networked access. Once your device is infected any free CPU cycles are spent mining cryptocurrency and if it’s found, depositing it in a criminal’s bank account. It also seeks out and attempts to infect other devices.
Here’s what currently has to happen in order for this to affect you. You have to be on the same network with an infected device in order for it to get you. You have to have ADB enabled (or whoever made your Kodi box had it enabled,) and… um, I think that’s it.
Time to panic? No. If you’ve got ADB on your phone turn it off just in case we start seeing PC or charging station to phone infections. Don’t let your friend Smelly Steve into the house with his all-warezed out Android. And remember that somehow this is all probably your cat’s fault.
So how did 5000+ devices get infected? Well, first off they all had ADB open and running and facing the network. ADB allows you to push programs to an Android device. They were also all most likely network ADB devices as I can’t imagine 5000 points of infection from physical contact, and considering the small number I’m starting to wonder if they all weren’t on the same VPN.
I’m betting Kodi boxes.[ZDnet]