Vendors have been shipping Android products with Android Debug Bridge enabled, making them attractive targets for hackers.

Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.

"Overall, we believe malicious code based on the Android system ADB debug interface is now actively spreading in worms and infected over 5,000 devices in 24 hours," the team says.

Researchers spot Trinity and Fbot botnets trying to infect Android devices via the ADB interface.

The security community raised the alarm regarding a serious issue last week —that of Android devices shipping with their debug port open to remote connections.

WinADB is a graphical front-end for adb commands which is an all-in-one solution for carrying out the most common adb commands.

However, some might prefer to use the ADB interface through a computer. The setup process involves more than the on-device wireless debugging feature introduced with Android 11.

There’s a severe vulnerability in the way that all versions of Android handle the restoration of backups that can allow an attacker to inject a malicious APK file into the backup archive.