"Overall, we believe malicious code based on the Android system ADB debug interface is now actively spreading in worms and infected over 5,000 devices in 24 hours," the team says.

New Matryosh botnet is targeting Android systems that have left their ADB debug interface exposed on the internet.

Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.

Since adding support last week, the number of Android devices running an exposed ADB interface —indexed by Shodan— has grown from around 1,100 on Friday to over 15,600 on Monday, and the ...