Android Malware Found Mining Cryptocurrency on Amazon Fire TVs

Android Malware Found Mining Cryptocurrency on Amazon Fire TVs

Amazon’s Fire TV devices are a popular way to watch streaming content on a TV because they support plenty of services and come with a low price tag. However, a new spate of malware infections has the potential to interrupt your viewing as the device secretly mines cryptocurrency in the background. The good news is you have to make several critical mistakes to get infected.

Amazon’s Fire TV boxes and sticks all run Android, but it’s not the version of Android that Google certifies for smartphones, tablets, and Android TV devices. This is Amazon’s modified version of Android known as FireOS. It’s the same base used on the Fire tablets, but with a “lean back” UI that’s comfortable to use from across the room.

Like Amazon’s other Android devices, all the apps come from the company’s Appstore for Android rather than the Play Store. However, that store doesn’t have as much content. That has apparently led users to look for alternative apps to sideload manually on their streaming boxes. Unfortunately, some of those supposed streaming apps are in reality malware called ADB.Miner.

ADB.Miner is a worm, meaning it can spread to multiple devices across a network. So, users installed an infected app (usually an emulator or streaming app) on the Fire TV or another local Android device. If ADB debugging is enabled on the Fire TV stick, the worm can set up shop there even if it was installed someplace else. Leaving the “unknown sources” toggle for sideloading apps activated could also leave you vulnerable. These are both off by default, so someone would have to make changes in the settings to give the worm access.

Android Malware Found Mining Cryptocurrency on Amazon Fire TVs

When this rogue app infects a device, it installs a seemingly innocuous package called “com.google.time.timer.” The malware consumes resources as it mines cryptocurrency for the malware author. This leads to sluggish system performance and laggy video. Playback will even stop on occasion with a notification that says “Test” in the corner. This popup is often the only sign something is wrong with the system. If you aren’t using the device often, the malware could sit quietly next to your TV and gobble up electricity to make money for online criminals.

The easiest way to get rid of ADB.Miner is simply to factory reset your infected devices. That includes the Fire TV and whatever other Android devices on your network may be acting as carriers. You can manually remove the com.google.time.timer package, but you never know if the worm has left some other nasty surprise. Starting from scratch and being more careful what you sideload is a better bet.