Cryptojacking is one of the latest malware threats you have to watch out for. It’s a growing problem and it’s starting to become one of the biggest tech scams out there.
With the current cryptocurrency explosion, this new kind of profit-generating practice is quickly spreading. While cryptomining is a completely legal way to earn cryptocurrencies, cryptojacking is another story. It’s a new scheme by cybercriminals to profit off your gadget without your knowledge.
And it looks like it’s not strictly infecting computers and smartphones anymore. Nasty cryptomining malware was discovered in these best-selling Amazon products as well. Read on and learn more about this latest threat, how to spot and remove it, and how to prevent your gadgets from getting reinfected.
An Android worm has been spotted spreading to a number of popular Amazon products, mainly the Fire line of streaming devices like the Amazon Fire TV box and the Fire Stick.
The worm is not targeting Fire TV gadgets exclusively, but Amazon’s Fire operating system is based on Android, so these gadgets are vulnerable to the same Android malware.
According to AFTVNews, the malware appears to be a variant of ADB.Miner, an Android worm that scans for vulnerable gadgets on the web, then infects them with a stealthy cryptomining virus.
However, instead of automatically infecting vulnerable devices, the Fire TV variant is installed through a side-loaded app named “Test” (package name is “com.google.time.time”).
Once it gets a foothold on your network, ADB.Miner will search for other vulnerable gadgets in your network including Android-based smartphones, tablets, smart TVs and set-top boxes that have publicly accessible Android Debug Bridges (ADB).
How can third-party apps make their way into Amazon’s supposedly closed Fire TV ecosystem anyway?
Similar to other Android gadgets, you can also turn on a Fire TV’s developer options like “ADB debugging” and “Apps from Unknown Sources.”
ADB debugging enables the Android Debug Bridge (ADB), a network tool used for a variety of tasks including installing and debugging apps, while turning on “Apps from Unknown Sources” allows you to install side-loaded apps on your Fire TV.
Why would anyone download and install this sketchy third-party app to their Fire TV gadgets? Well, according to AFTVNews, it’s an app that promises access to pirated movies and TV shows.
Symptoms of a cryptojacking infection on your Fire TV
Why is cryptojacking dangerous for your gadget? Well, it can make your gadget work overtime, relentlessly straining your gadget’s processor and causing it to overheat. It can also use up your data bandwidth without your knowledge.
You may find your Fire TV gadget to be unusually slow, with apps taking longer to load. Videos you’re attempting to stream may stutter and buffer all the time.
In some cases, infected Fire TV gadgets will show a notification that says “Test” together with the green Android robot icon. This screen also causes videos and apps to stop, making the gadget virtually unusable.
And that’s not all. Aside from secretly installing cryptomining software, the malware also scans your network and the internet for more victims it can infect. It’s exactly how a virus is supposed to operate.
How to spot ADB.Miner on your Fire TV
Another quick way to check if your gadget is infected is to check your installed apps and see if an app called “Test” is present. Keep in mind that this malicious app is stealthy and it won’t appear in your Fire TV’s app section nor its application management systems.
To spot it, you’ll need to install an app called Total Commander from the official Amazon app store.
Once installed, open Total Commander, go to the “Installed Apps” section then check if an app called “Test” is listed.
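For readers comfortable with a command line, the same check can be run over ADB. The script below is an added example, not part of the original article: it looks for the package name reported above in the output of `pm list packages` and flags a device that still has ADB debugging switched on. It assumes `adb` is installed on your computer and that ADB debugging is enabled only for the duration of the check; `SERIAL` is a placeholder for your device's identifier, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: triage an Android / Fire OS device for the ADB.Miner variant.
# The only indicator used is the package name given in the article.
IOC_PACKAGE="com.google.time.time"   # package name of the side-loaded "Test" app

# has_ioc_package: reads `pm list packages` output on stdin.
# Returns 0 if the indicator package is listed, 1 otherwise.
has_ioc_package() {
    # adb shell output may use CRLF line endings, so strip CR first.
    # -x matches the whole line: "com.google.time.timezone" must not match.
    tr -d '\r' | grep -cxF "package:${IOC_PACKAGE}" >/dev/null
}

# adb_debugging_on: $1 is the value printed by `settings get global adb_enabled`.
adb_debugging_on() {
    [ "$(printf '%s' "$1" | tr -d '\r\n ')" = "1" ]
}

# audit: $1 = package listing, $2 = adb_enabled value. Prints one verdict:
#   INFECTED  indicator package present (factory reset, as described below)
#   exposed   no indicator, but ADB debugging is still on
#   clean     neither condition found
audit() {
    if printf '%s\n' "$1" | has_ioc_package; then
        echo "INFECTED"
    elif adb_debugging_on "$2"; then
        echo "exposed"
    else
        echo "clean"
    fi
}

# Constructed sample listings (not captured from a real device).
SAMPLE_INFECTED=$(printf 'package:com.amazon.tv.launcher\r\npackage:com.google.time.time\r\n')
SAMPLE_CLEAN=$(printf 'package:com.amazon.tv.launcher\npackage:com.google.time.timezone\n')

audit "$SAMPLE_INFECTED" "1"
audit "$SAMPLE_CLEAN" "0"

# Live use against your own device (SERIAL is a placeholder):
#   audit "$(adb -s SERIAL shell pm list packages)" \
#         "$(adb -s SERIAL shell settings get global adb_enabled)"
```

Turn ADB debugging back off once the check is done.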
How to remove the malware
Factory reset – If you do suspect that your Fire TV is infected, the best way to get rid of the malware is to perform a factory reset. To avoid reinfection, make sure all your Android and Fire TV gadgets in your home network that may likewise be infected are unplugged.
To factory reset a Fire TV, navigate to its Settings section >> select Device >> then select “Reset to Factory Defaults.” After the factory reset, your Fire TV will reboot. Now make sure that you keep the developer option “ADB debugging” off.
To prevent accidental malware installs from unauthorized sources, it is recommended that you turn off “Apps from Unknown Sources” as well.
Uninstall the malicious app – Although you can uninstall the malicious “Test” app with Total Commander, it’s not recommended since it is still unclear what other modifications ADB.Miner does to your Fire TV gadgets. If you are pretty sure that your gadget is infected, please perform a factory reset instead.
How to protect your Android gadget from ADB.Miner
As mentioned earlier, to protect all your Android-based smartphones, tablets, smart TVs and set-top boxes (not just Fire TVs) from ADB.Miner, make sure each gadget’s ADB interface is set to “Off.”
And as usual, beware of installing applications straight off the web and not from the official Amazon App Store and Google Play Store. Also, look out for surprise app permission requests that might pop up and never grant them!
And lastly, with the assortment of legitimate sites that offer free movies, accessing these illegal piracy sites and apps is not worth it. To keep your gadgets safe, just avoid piracy sites and apps in general.
The information contained in this website is for general information purposes only. The information is gathered from Komando. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.