Via Ars Technica:

A new internet worm emerged over the weekend that took less than 24-hours to infect Android devices such a smartphones and TV boxes. Once infected, the devices began mining the Monero brand of crypto-currency, and seeking additional devices to infect:

Once infected, Android phones and TV boxes scan networks for other devices that have Internet port 5555 open. Port 5555 is normally closed, but a developer tool known as the Android Debug Bridge opens the port to perform a series of diagnostic tests. Netlab’s laboratory was scanned by infected devices from 2,750 unique IPs in the first 24 hours the botnet became active, a figure that led researchers to conclude that the malware is extremely fast moving.

The worm was detected by a Chinese research firm and, while the scale of the infection is still relatively small, shows yet again that the current craze for bitcoin is generating increasingly troublesome side-effects for computer security in both the corporate and personal space.

Full article: https://arstechnica.com/information-technology/2018/02/out-of-nowhere-currency-mining-botnet-infects-5000-android-devices/.