https://wccftech.com/attackers-exploit-adb-satori-botnet/

Last month, a security report revealed that many Android phone makers are shipping devices with Android Debug Bridge (ADB) enabled by default. This exposed user devices to attacks since ADB is used to offer remote communication with devices. Since the Debug Bridge listens on port 5555, attackers could remotely access to install software or execute other functions.

While the feature is designed to offer developers a way to communicate with devices and execute commands, it should only be enabled after a user connects their devices via USB. It now appears that someone is trying to recruit these devices with open 5555 port in an attempt to turn them into a botnet.