X

Hackers infect Android phones, TVs to mine cryptocurrency

Chinese researchers found hackers turning internet-connected devices into tools for creating caches of the digital currency Monero.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read
Photo of a key with its tip pointing upward, with a blurry circuit board in the background. Hackers infected smart TVs and phones and used them to mine for Monero, a cryptocurrency, researchers found.

Hackers infected smart TVs and phones to mine for Monero, a cryptocurrency, researchers found.

James Martin/CNET

Hackers have infected thousands of Android phones and smart TVs, turning the devices into miners for a popular cryptocurrency, researchers at Chinese cybersecurity firm Netlab360 found.

The attack affected 7,000 devices in China, which were hacked into a network that harnessed the processing power of the connected devices to mine, or digitally create, the Monero cryptocurrency, according to ZDNet. Though not as big as some recent botnets, security experts say this approach will increasingly be used by hackers looking to make money off of other people's computers, IoT devices, phones and tablets.

Netlab360 said the attack took advantage of an open port, a part of the operating system that allows a device to communicate with the internet. Hackers searched for devices connected through port 5555, which helped them find unsecured Android phones and TVs. They then infected them with malicious software, known as a worm, that looked for more devices to infect.

Google, which owns the Android mobile software, didn't respond to a request for comment.

The researchers told ZDNet the hackers weren't opening the port themselves, which would have been a much more worrying attack. "The 5555 ADB interfaces of those devices have already been opened before [they're] infected," the researchers said. "We have no idea about how and when this port was opened yet."

The hackers used the network of infected devices to run a program that mines for more Monero. The botnet gives hackers the computing power of thousands of devices without the costs associated with buying hardware, power or internet access.