Jump to content

Cryptocurrency Mining Malware Strikes Fire TV Sticks


Recommended Posts

The malware has targeted thousands of vulnerable Android devices with a special developer feature activated, like Amazon Fire TV products sideloaded with sketchy apps.





Is your Amazon Fire TV Stick secretly mining cryptocurrency?


A hacker has reportedly unleashed Android malware that's been worming its way across thousands of vulnerable streaming devices—all in attempt to generate a virtual currency called Monero.


The malware, called ADB.miner, has been spreading thanks to a powerful developer feature found on the Android operating system that's supposed to be turned off. The feature, Android Debug Bridge, can let a developer communicate and remotely execute commands over the device, without any authentication.


So far, Amazon hasn't commented on the threat.


Normally, the debug feature runs dormant. But on Monday, AFTVnews reported that the malware has been spreading to Fire TV Sticks with the developer feature turned on. Affected devices will display an app called "test" that'll persistently pop up as a white page and interrupt your media streaming as it starts to mine the virtual currency.


Users in an Android developers' forum began posting about the problems in April, and realized the app was actually ADB.miner. However, it doesn't appear that all Fire TV Sticks are vulnerable. The problem occurs when sideloading sketchy apps, which can activate the Android Debug Bridge feature. According to UK-based security researcher Kevin Beaumont, Amazon TV devices that've been modified to ship with Kodi, an open source media player, are among those affected.


Making matters worse is that products that've been infected will also attempt to spread the malicious code to other devices. ADB.miner isn't specifically targeting Fire TV Sticks, but any Android device with the debug feature enabled.


In February, Chinese security firm Qihoo 360's Netlab noticed the malware was scanning the internet for vulnerable products, including Android TV devices and smartphones. In just a few days, it managed to infect several thousand gadgets, mainly in China and South Korea.


As for why, Beaumont speculates that some vendors have been accidentally shipping products with the Android Debug Bridge turned on. "This is highly problematic as it allows anybody — without any password — to remotely access these devices as 'root' — the administrator mode — and then silently install software and execute malicious functions," he wrote in a blog post detailing the threat.



For now, only the ADB.miner malware appears to be exploiting the misconfigured Android devices. In this case, the malicious code only mines a cryptocurrency, which will merely hog the product's CPU processing power. Between 10,000 to over 100,000 devices may have been infected with ADB.miner, according to security researchers.


To remove the malware on  Amazon Fire TV Devices initiate a factory reset, which can be accessed in the settings menu. That should clear the infection, but once the reset is finished, you'll need to make sure the Android Debug Bridge is turned off, to prevent possible re-infection. AFTVnews has a longer guide.


For owners of other affected Android devices, disabling the debug feature, and then deleting the "test" app should be able to clear the infection. Certain Android antivirus solutions can also detect and disinfect the malicious code.




Link to comment
Share on other sites

  • Replies 0
  • Views 492
  • Created
  • Last Reply


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...