The Hide and Seek botnet has been updated to deliver new command injection exploits in a device’s web interface.
The variants exploit the Android Debug Bridge (ADB) over Wi-Fi feature in Android devices, a feature that is normally used for troubleshooting, according to a 26 September Bitdefender blog post.
Although the feature is usually disabled by default, some Android devices were shipped with it enabled, allowing remote connections via the ADB interface, which is accessible on TCP port 5555.
The addition of the malicious feature may enable the botnet to amass at least another 40,000 new devices, researchers said, with most of the potential infections in Taiwan, Korea and China, and some appearing in the US and Russia.
The problem has yet to be patched despite reports of abuse dating back to June, and recently the Fbot IoT botnet has also been abusing the Android Debug Bridge interface after scanning TCP port 5555 for the ADB service.
Android smartphones aren’t the only devices at risk; researchers warn that smart TVs, DVRs and practically any other device that has ADB over Wi-Fi enabled could be affected too.
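
As an added example (not from the article or from Bitdefender), the following defender-side check reads perimeter connection logs and reports internal devices that accepted inbound traffic on TCP port 5555, along with external sources sweeping that port across several hosts. The log format, the internal range 10.0.0.0/8 and the sweep threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

ADB_TCP_PORT = 5555  # ADB over Wi-Fi port named in the article
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: defender's own range

# Constructed records (not real traffic), assumed format: ts src dst dport proto action
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 198.51.100.7 10.0.0.21 5555 tcp ACCEPT
2024-01-01T10:00:02Z 198.51.100.7 10.0.0.22 5555 tcp DROP
2024-01-01T10:00:03Z 198.51.100.7 10.0.0.23 5555 tcp DROP
2024-01-01T10:00:09Z 10.0.0.5 10.0.0.21 5555 tcp ACCEPT
2024-01-01T10:01:00Z 203.0.113.9 10.0.0.30 443 tcp ACCEPT
2024-01-01T10:02:00Z 203.0.113.50 10.0.0.40 5555 udp ACCEPT
malformed line
"""


def is_internal(ip):
    """True if ip falls inside one of the defender's own networks."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on bad input
    return any(addr in net for net in INTERNAL_NETS)


def analyze(log_text, sweep_threshold=3):
    """Return (exposed_hosts, sweeping_sources) for inbound TCP 5555."""
    exposed = set()              # internal hosts that accepted external ADB traffic
    targets = defaultdict(set)   # external source -> internal hosts it tried
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _ts, src, dst, port, proto, action = fields
        try:
            if proto.lower() != "tcp" or int(port) != ADB_TCP_PORT:
                continue
            if is_internal(src) or not is_internal(dst):
                continue  # only external -> internal is of interest here
        except ValueError:
            continue  # unparseable port or address
        targets[src].add(dst)
        if action.upper() == "ACCEPT":
            exposed.add(dst)
    sweepers = {s for s, d in targets.items() if len(d) >= sweep_threshold}
    return sorted(exposed), sorted(sweepers)


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any host in the first list should have ADB over Wi-Fi disabled or TCP port 5555 blocked at the perimeter.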