Android Malware Found Mining Cryptocurrency on Amazon Fire TVs

Amazon’s Fire TV devices are a popular way to watch streaming content on a TV because they support plenty of services and come with a low price tag. However, a new spate of malware infections has the potential to interrupt your viewing as the device secretly mines cryptocurrency in the background. The good news is you have to make several critical mistakes to get infected.
Amazon’s Fire TV boxes and sticks all run Android, but it’s not the version of Android that Google certifies for smartphones, tablets, and Android TV devices. This is Amazon’s modified version of Android known as FireOS. It’s the same base used on the Fire tablets, but with a “lean back” UI that’s comfortable to use from across the room.
Like Amazon’s other Android devices, all the apps come from the company’s Appstore for Android rather than the Play Store. However, that store doesn’t have as much content. That has apparently led users to look for alternative apps to sideload manually on their streaming boxes. Unfortunately, some of those supposed streaming apps are in reality malware called ADB.Miner.
ADB.Miner is a worm, meaning it can spread to multiple devices across a network. Typically, a user installs an infected app (usually an emulator or streaming app) on the Fire TV or another local Android device. If ADB debugging is enabled on the Fire TV stick, the worm can set up shop there even if the infected app was installed someplace else. Leaving the “unknown sources” toggle for sideloading apps activated could also leave you vulnerable. Both settings are off by default, so someone would have to change them to give the worm access.

When this rogue app infects a device, it installs a seemingly innocuous package called “com.google.time.timer.” The malware consumes resources as it mines cryptocurrency for the malware author. This leads to sluggish system performance and laggy video. Playback will even stop on occasion with a notification that says “Test” in the corner. This popup is often the only sign something is wrong with the system. If you aren’t using the device often, the malware could sit quietly next to your TV and gobble up electricity to make money for online criminals.
The easiest way to get rid of ADB.Miner is simply to factory reset your infected devices. That includes the Fire TV and whatever other Android devices on your network may be acting as carriers. You can manually remove the com.google.time.timer package, but you never know if the worm has left some other nasty surprise. Starting from scratch and being more careful what you sideload is a better bet.
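To check a device for the signs described above, the following script (an added example, not from the original article) looks for the com.google.time.timer package and reports whether ADB debugging or unknown-sources sideloading is switched on. It assumes the stock Android setting keys `adb_enabled` and `install_non_market_apps` back those two toggles on the device, and the sample package lists are constructed.

```shell
#!/bin/sh
# Added example: checks an Android/Fire TV device for the indicators the article names.
IOC_PKG="com.google.time.timer"   # package name reported in the article

# Succeeds if `pm list packages` output on stdin contains the exact package.
# -x -F: whole-line literal match, so look-alike names do not match.
has_ioc_package() {
    tr -d '\r' | grep -qxF "package:${IOC_PKG}"
}

# Succeeds if a `settings get` value means "on". adb may append CR; "null" = unset.
setting_on() {
    [ "$(printf '%s' "$1" | tr -d '\r\n ')" = "1" ]
}

# audit PACKAGES ADB_ENABLED UNKNOWN_SOURCES -> one "FINDING:" line per issue.
audit() {
    if printf '%s\n' "$1" | has_ioc_package; then
        echo "FINDING: $IOC_PKG is installed; factory reset this device"
    fi
    if setting_on "$2"; then
        echo "FINDING: ADB debugging is enabled; turn it off when not in use"
    fi
    if setting_on "$3"; then
        echo "FINDING: unknown-sources sideloading is enabled"
    fi
    return 0
}

# Live mode: pass a device serial from `adb devices` as the first argument.
if [ "$#" -ge 1 ]; then
    pkgs=$(adb -s "$1" shell pm list packages)
    # Assumed stock Android setting keys behind the two toggles.
    adbd=$(adb -s "$1" shell settings get global adb_enabled)
    unk=$(adb -s "$1" shell settings get secure install_non_market_apps)
    audit "$pkgs" "$adbd" "$unk"
fi

# Constructed sample data (not captured from a real device).
SAMPLE_INFECTED='package:com.example.launcher
package:com.google.time.timer
package:com.example.player'
SAMPLE_CLEAN='package:com.example.launcher
package:com.google.time.timer.helper'
```

Run it with a device serial to audit a live device. Newer Android bases may return `null` for `install_non_market_apps`, which the script treats as off.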