ADB.Miner and a continuing vulnerability
- Kevin Beaumont: Root Bridge — how thousands of internet connected Android devices now have no security, and are being exploited by criminals.
“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:
“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”
- Catalin Cimpanu for Bleeping Computer: Tens of Thousands of Android Devices Are Exposing Their Debug Port. Not a new issue, as Qihoo implicated it in the spread of the Monero miner ADB.miner.
“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices … some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”
- Commentary by Graham Cluley: Tens of thousands of Android devices are leaving their debug port exposed
Catalin Cimpanu for Bleeping Computer: Ethereum “Giveaway” Scammers Have Tricked People Out of $4.3 Million – Online crooks promoting fake “giveaways” have tricked people out of 8,148 Ether, currently worth around $4.3 million, according to statistical data compiled in EtherScamDB.”
Graham Cluley: Bitcoin price takes a dive after another cryptocurrency exchange hack
– “Billions of dollars worth of wealth were wiped out this weekend after a South Korean cryptocurrency exchange was hacked … The exchange in question is called Coinrail…”
Lisa Vaas for Sophos: SHOCK! HORROR! SURPRISE! Bitcoin priceplosion may have been market manipulation – “Last year’s meteoric rise in the value of Bitcoin and other cryptocurrencies might well have been artificially inflated, according to a paper released on Wednesday by University of Texas finance professor John Griffin and graduate student Amin Shams.” Maybe not an outright scam, but a bit shady, if true.