It's the Android debugger port, and it's used for infection, but the article doesn't exclude other methods nor mentions ports used by the malware.