It was discovered that, thanks to a new piece of malware, some Android devices and televisions in Asia have been mining Monero unbeknownst to users.

On February 6, 2018, Chinese cybersecurity lab Netlab 360 detailed a newly discovered piece of malicious mining software.

The latest worm in what has been a series of mining software attacks, ADB.miner duplicates itself across devices by accessing a command line called the Android Debug Bridge (ADB). Estimates say the number of affected devices doubled every 12 hours but seemed to stabilize around 7,000 by the time of the report.

Android phones and TV boxes have thus far been the only devices to exhibit infection, although it has yet to be determined if other gear might also be susceptible to the worm.

The researchers assessed nine samples and found out how the worm function propagates: If devices in the vicinity of an infected device have an open 5555 port, the virus copies itself onto them by attempting to execute an ADB command. Once present, the worm also runs a Monero miner, which sends all mined cryptocurrency to a single wallet address.

So far, the detection of infected devices has been isolated to Asia, and “most of the victims come from China (39%, including Hong Kong and Taiwan) and Korea (39%).”