- Jeff Costlow
- June 8, 2018
There is a new worm in the wild that spreads via Android remote debugging services. ADB services, when enabled, allow anyone to remotely execute code as root. This is a particularly nasty worm as an attacker can do anything with a device that is misconfigured to allow remote ADB. (Additional details about the worm are available here.)
Fortunately, the ExtraHop security team whipped up a quick dashboard to tell you when remote ADB connections are found on your network. Simply install the bundle and any remote ADB connections will show up on the dashboard. You can then find those devices and shut them down.
If you are a network administrator, you should block port 5555 at your firewall.
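As an added example (not ExtraHop's bundle and not code from the original post), one way to recognise a remote ADB connection in captured traffic is to check the first client payload for the ADB `CNXN` handshake header instead of relying on port 5555 alone, which also catches ADB listening on another port. The flow records, addresses, port 7555 and function names below are constructed for illustration.

```python
import struct

ADB_PORT = 5555  # port named in the post
# ADB message header: six little-endian uint32 fields (command, arg0, arg1,
# data_length, data_check, magic), where magic == command XOR 0xFFFFFFFF.
HEADER = struct.Struct("<6I")
CNXN = int.from_bytes(b"CNXN", "little")  # connect request sent by the client

def parse_adb_header(payload):
    """Decode an ADB header from the start of payload, or return None."""
    if len(payload) < HEADER.size:
        return None
    command, arg0, arg1, length, _check, magic = HEADER.unpack_from(payload)
    if magic != command ^ 0xFFFFFFFF:  # integrity field rules out look-alikes
        return None
    name = command.to_bytes(4, "little").decode("ascii", "replace")
    return {"command": name, "version": arg0, "max_data": arg1, "data_length": length}

def build_cnxn(banner=b"host::\x00"):
    """Build a sample CNXN message for the demo (constructed, not captured)."""
    return HEADER.pack(CNXN, 0x01000000, 4096, len(banner), sum(banner),
                       CNXN ^ 0xFFFFFFFF) + banner

def find_remote_adb(flows):
    """Return (src, dst, dport, reason) for flows that look like remote ADB."""
    hits = []
    for f in flows:
        hdr = parse_adb_header(f["payload"])
        if hdr and hdr["command"] == "CNXN":
            hits.append((f["src"], f["dst"], f["dport"], "adb-handshake"))
        elif f["dport"] == ADB_PORT:
            hits.append((f["src"], f["dst"], f["dport"], "port-5555-unverified"))
    return hits

# Constructed flow records (documentation address ranges), first client payload only.
SAMPLE_FLOWS = [
    {"src": "203.0.113.7", "dst": "192.0.2.10", "dport": 5555, "payload": build_cnxn()},
    {"src": "192.0.2.20", "dst": "198.51.100.5", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "203.0.113.9", "dst": "192.0.2.11", "dport": 5555, "payload": b""},
    {"src": "203.0.113.7", "dst": "192.0.2.12", "dport": 7555, "payload": build_cnxn()},
]

if __name__ == "__main__":
    for hit in find_remote_adb(SAMPLE_FLOWS):
        print(hit)
```

Flows tagged `port-5555-unverified` reached the port without a confirmed handshake and are worth checking against the firewall rule; `adb-handshake` hits identify devices that actually answered as ADB endpoints and should be located and shut down.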
This is a companion discussion topic for the original entry at https://www.extrahop.com/company/blog/2018/android-worm-quick-response-with-extrahop/