Crypto-mining malware has managed to infiltrate Amazon’s Fire TVs and Amazon Fire Sticks. A post on the XDA Developers forum describes the issue in more detail.
ADB.Miner worm is using the Coinhive malware script
Infected users all seem to have noticed an app called “test” running on their devices.
A developer who managed to break down the app’s code discovered a worm called ADB.Miner that has been using the famous Coinhive malware script to mine Monero.
Once installed, the worm uses system resources to mine crypto, which cripples the device: performance slows down and video playback suffers.
Amazon Fire TVs and Fire Sticks are currently vulnerable to this threat because they are built on the Android OS which has been a target for the crypto mining malware for quite a while now.
According to the XDA thread mentioned above, the most effective way to eliminate the malware is to restore the device to factory settings.
How can we get rid of this virus?
First, are there other Fire TVs or Android devices in your home? If so, those devices could be infected too. The virus spreads over the ADB protocol, so every device on your Wi-Fi network that has the “ADB debugging” option enabled will get it. It is therefore very important to turn off “ADB debugging” on all your Android devices.
RESET TO FACTORY SETTINGS
There are several ways to get rid of this virus. The most effective is to reset all your devices to factory settings. Next time, be careful which APKs you install, and don’t forget to turn off ADB debugging when it is not in use.
DELETE VIRUS FILES
- Using ADB, enter these commands:
- adb shell rm data/local/tmp/ufo.apk
- adb shell rm data/local/tmp/lock.txt
- adb shell rm data/local/tmp/smi
- adb shell rm data/local/tmp/endat
- adb shell rm data/local/tmp/nohup
- adb uninstall com.google.time.timer
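Before deleting anything, it is useful to confirm which devices actually carry these artifacts. The script below is an added example, not code from the XDA thread: it checks a listing of data/local/tmp and the installed-package list for the file and package names given above. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the XDA thread): look for the ADB.Miner artifacts
# named in this article. File and package names are the article's; function
# names and the sample listings are constructed for illustration.
IOC_FILES="ufo.apk lock.txt smi endat nohup"
IOC_PACKAGE="com.google.time.timer"

# Print each indicator file found in a listing of data/local/tmp.
find_ioc_files() {
    for f in $IOC_FILES; do
        # -x -F: exact literal line match, so "smi" does not match "smirk.txt";
        # tr strips the CRs some adb versions append to shell output.
        printf '%s\n' "$1" | tr -d '\r' | grep -qxF "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Succeed if `pm list packages` output contains the worm's package name.
has_ioc_package() {
    printf '%s\n' "$1" | tr -d '\r' | grep -qxF "package:$IOC_PACKAGE"
}

# Print "infected" if any indicator is present, otherwise "clean".
verdict() {
    if [ -n "$(find_ioc_files "$1")" ] || has_ioc_package "$2"; then
        echo infected
    else
        echo clean
    fi
}

# Live check of one device: check_device SERIAL (serial as shown by `adb devices`).
check_device() {
    listing=$(adb -s "$1" shell ls data/local/tmp 2>/dev/null) || return 2
    pkgs=$(adb -s "$1" shell pm list packages 2>/dev/null) || return 2
    printf '%s: %s\n' "$1" "$(verdict "$listing" "$pkgs")"
    find_ioc_files "$listing" | sed 's/^/  file: /'
}

# Constructed sample listings, so the parsing can be exercised without a device.
SAMPLE_LS='ufo.apk
smirk.txt
smi
nohup'
SAMPLE_PKGS='package:com.example.player
package:com.google.time.timer'

if [ "$#" -gt 0 ]; then check_device "$1"; else verdict "$SAMPLE_LS" "$SAMPLE_PKGS"; fi
```

Run it with a device serial as the only argument to check a connected device; with no argument it evaluates the constructed sample.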
INSTALL MODDED VIRUS
If you don’t want to reset to factory settings and only want to “turn off” the miner, you can install the attached APK. It is a modded version of the original virus in which run.html is a blank page (without the mining script) and the Activity names in AndroidManifest.xml have been changed so that it can no longer start. In effect, the virus will think it is working, but it is not.
HIDE THE VIRUS
As recommended here, you could try the hide command:
pm hide com.google.time.timer
Mining malware has long been a severe issue in the world of crypto. The latest research shows that at least 5% of all Monero currently in circulation was mined illicitly using various forms of malware.