Amazon Fire TV and Fire TV Stick devices have been infected with new malware that uses the device’s computing power to mine cryptocurrencies. It could slowly infect all the devices in a network to harness their processing power.
The malware spreads through third-party apps and compromises entire networks. Therefore, devices in the same network with no apps installed from unknown sources could also get infected. The worm does not specifically target Amazon devices, but these are more vulnerable because of their Android operating systems.
Third-party apps launch new malware
According to AFTVnews, the malware called ADB.Miner is spreading on several Android devices, with Amazon Fire TVs being the latest on the list. The malware is installed on those devices that have apps from unknown sources.
It could also affect devices with developer options switched on — this option is off by default. The worm is installed as “Test” under the package name “com.google.time.timer.”
Once the malware is installed, it uses all of the device’s resources for mining cryptocurrencies, which makes the device slow and causes video playback to stop abruptly. On an infected device, users see a green Android robot icon with the “test” notification on the screen.
As the worm spreads through a network, even those gadgets that have never installed apps from unknown sources could be affected. XDA-Developer forum threads describe a few ways to solve the problem.
Can the devices be saved?
If you have switched ADB debugging on, switch it off immediately. The ideal step to save the gadget is to opt for a factory reset. Though some apps can be used to uninstall the malware, they are not fully effective.
An experimental option is to install a modified version of the malware that updates the virus and turns off its mining operations. This option should not be used by people who are less tech-savvy.
Open debug ports cause security threat in Android
A Security Boulevard report details how leaving the debug port open on devices could make them slow and vulnerable to remote threats from criminals, who can get full administrator access to the devices and manipulate them to mine cryptocurrencies. The report quoted security researcher Kevin Beaumont’s blog post, which stated:
“It is completely unauthenticated, meaning anybody can connect to a device running ADB to execute commands. However, to enable it — in theory — you have to physically connect to a device using USB and first enable the Debug Bridge.”
He also raised concerns about shipping and added:
“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555 and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.”
No one has been able to calculate the number of affected devices yet. However, there is a possibility that the number is exponentially high.
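To check a device you own for the indicators named above, the following added example (not code from AFTVnews, Security Boulevard or Kevin Beaumont) audits text captured from three standard Android commands: `pm list packages`, `settings get global adb_enabled` and `getprop service.adb.tcp.port`. The function names and the sample package list are constructed for illustration, and the example assumes the output was collected by the owner over a USB connection.

```python
import re

IOC_PACKAGE = "com.google.time.timer"  # package name reported in the article
ADB_TCP_PORT = 5555                    # port named in the quoted blog post

def installed_packages(pm_output):
    """Parse `pm list packages` output (with or without -f) into a set of names."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings and blank lines
        entry = line[len("package:"):]
        # With -f the form is package:/path/base.apk=name; the name follows the last '='.
        names.add(entry.rsplit("=", 1)[-1])
    return names

def tcp_port(prop_value):
    """Return the ADB TCP port, or None; only a positive integer means TCP is on."""
    m = re.fullmatch(r"\s*(-?\d+)\s*", prop_value or "")
    port = int(m.group(1)) if m else 0
    return port if port > 0 else None

def audit_device(pm_output, adb_enabled, adb_tcp_prop):
    """Return a list of findings for one device; an empty list means none found."""
    findings = []
    if IOC_PACKAGE in installed_packages(pm_output):
        findings.append(f"INFECTED: package {IOC_PACKAGE} is installed")
    if adb_enabled.strip() == "1":
        findings.append("RISK: ADB debugging is switched on")
    port = tcp_port(adb_tcp_prop)
    if port is not None:
        tag = "default " if port == ADB_TCP_PORT else ""
        findings.append(f"RISK: ADB reachable over the network on {tag}TCP port {port}")
    return findings

# Constructed sample output (not taken from a real device).
SAMPLE_PM = """package:com.example.launcher
package:/data/app/com.google.time.timer-1/base.apk=com.google.time.timer
package:com.example.player
"""

if __name__ == "__main__":
    for finding in audit_device(SAMPLE_PM, "1\n", "5555\n"):
        print(finding)
```

A device that reports any finding should have ADB debugging switched off and, if the package is present, be factory reset as described above.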