Within days of appearing over the weekend, a fast-moving botnet appeared over the weekend has hijacked thousands of Android devices for the apparent purpose of mining cryptocurrency for its creators.

"Overall, we think there is a new and active worm targeting Android systems' ADB debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours," said researchers with the Chinese security firm Netlab.  "Those infected devices are actively trying to spread malicious code."

This previously-unseen malware has worm-like capabilities that allow it to spread with little or no user interaction required.  It seeks out and infects devices that have Internet port 5555 open.  Netlab discovered the malware by detecting incoming scans from 2,750 infected devices with unique IP addresses.  These came in the first 24 hours the botnet became active.

Once infected, the devices begin running an unwelcome app that mines a cryptocurrency known as Monero.  This could be potentially harmful, as past Monero-mining malware have actually physically damage the Android devices running them.