Users of Android devices that have left port 5555 for Android Debug Bridge (ADB) mode open are being infected with malware that mines cryptocurrency. Sometimes ADB is left open from the factory or when users customize their phones and forget to disable what is commonly referred to as "USB Debugging" mode. ADB mode doesn't require a password and allows anyone on the internet unfettered access to the Android device. The ADB.miner infection was the first to take advantage of the unprotected devices and made the creators of the malware a nice sum of cash mining cryptocurrency. It has been altered by another group into a new strain of malware that mines cryptocurrency called Trinity or com.ufo.miner. A third strain of malware called Fbot is scanning the internet and removing Trinity infections. The simple fix for it all is to close ADB. According to a Shodan search, the number of Android devices with an ADB port exposed online usually varies between 30,000 and 35,000 during a day. This second botnet, named Fbot, has not been seen mining cryptocurrency, yet. For not, Fbot, which researchers say shares code with the Satori IoT DDoS malware, has only been focused on spreading to as many devices as possible and permanently dislodging Trinity from infected devices. You see, Fbot contains special code that specifically searches for Trinity's file name (com.ufo.miner) and removes it.