The previously unseen malware driving the botnet has worm-like capabilities that allow it to spread with little or no user interaction required, researchers with Chinese security firm Netlab wrote in a blog post published Sunday.
Once infected, Android phones and TV boxes scan networks for other devices that have Internet port 5555 open. Port 5555 is normally closed, but a developer tool known as the Android Debug Bridge
opens the port to perform a series of diagnostic tests. Netlab’s laboratory was scanned by infected devices from 2,750 unique IPs in the first 24 hours the botnet became active, a figure that led researchers to conclude that the malware is extremely fast moving. – Dan Goodin, Ars Technica http://ift.tt/2E4H641