The “Test” app is found causing crypto mining activity on targeted devices
Security researchers are warning about a new trend among cyber-criminals: they appear to be slowly shifting from ransomware to crypto mining malware. This time, their target is Android gadgets, especially Amazon Fire TV and Fire Stick. A cryptominer dubbed ADB.miner has been found on these devices mining the digital currency Monero.
ADB.miner is linked to an app called “Test”, which is distributed under the package name “com.google.time.timer.” As soon as the malware is installed, it starts mining virtual currency. As a result, the affected machine slows down considerably, making normal use almost impossible. Additionally, the intense utilization of the device's resources causes an obvious increase in the electricity bill.
Hackers were able to find the vulnerability thanks to a powerful developer feature that lets the culprits communicate with the device and even install applications remotely. Originally, this feature should be turned off, but users who employ third-party apps (mostly for watching pirated videos) have it turned on. The affected devices also include ones that have Kodi pre-installed – a free open-source application which allows users to manage their media.
Being one of the most influential organizations in the world, Amazon has been actively targeted by phishing scams and malware. Alexa's security breach proved that Amazon's devices are still susceptible to vulnerabilities and the overall security should be improved.
The miner is related to a modified version of Android
So, how do cyber criminals get a chance to misuse Amazon devices? Most probably, the main issue lies in the fact that Amazon Fire TV sticks and TV boxes use a modified version of Android – FireOS. Although the official version and the modified one are similar, the latter uses a simplified interface which is supposed to make using the TV and a remote control more comfortable.
Additionally, apps that can be downloaded to the Amazon Fire device do not come from the Play store. By default, users are given access to the Amazon AppStore, which has a limited number of applications that can be installed. Thus, many users look for more entertainment options elsewhere by using third-party sites. Sadly, these programs may be affected by the ADB.miner worm.
Malware spreads to other devices by using the ADB function
ADB.miner acts like a worm, i.e., it can infect all devices connected to the same network. It is still unclear which apps have been injected with this malware, but as soon as it gets onto the primary device, it can spread itself to other machines on the network using the ADB feature.
The only way malware can infiltrate the targeted system is if the Android Debug Bridge function is on. There are two ways it can happen: either the user turns it on or the developer of the device had this function turned on for the customer. Unfortunately, security researcher Kevin Beaumont reported that multiple firms were shipping tablets and smartphones in that condition.
Overall, we think there is a new and active worm targeting android system's adb debug interface spreading, and this worm has probably infected more than 5,000 devices in just 24 hours.
You can detect and remove the worm from your device
To determine whether you are infected with ADB.miner or not, you need to check if you have the “Test” app installed on your device. Unfortunately, this sneaky program does not show up in the apps section or management settings. Thus, you need to install a file managing app like Total Commander to see if the malware is there.
The best way to get rid of the crypto-miner is to perform a full factory reset on your device. Before you complete it, you need to switch off all Android devices that could be infected. Once that is done, proceed with the following steps:
- On your Fire device, click Settings
- Scroll to the right and pick System
- Scroll down and find Reset to Factory Defaults
- A warning message will come up – press Reset
- Wait till factory reset is complete
As a precaution, you should select Device > Developer options and make sure that the ADB debugging and Apps from Unknown Sources features are both set to OFF. This will prevent your device from being infected in the future.
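The detection check and the two settings described above can also be verified from text captured on the device. The script below is an added example, not code from the researchers or from Amazon. It assumes the Fire OS build exposes the standard Android `pm list packages` command and the `adb_enabled` and `install_non_market_apps` settings keys; the sample package lists are constructed.

```shell
#!/bin/sh
# Added example: audit captured output for the ADB.miner indicators named
# in the article. Live capture over a trusted connection would look like:
#   pkgs=$(adb shell pm list packages)
#   adb_on=$(adb shell settings get global adb_enabled)
#   unk=$(adb shell settings get secure install_non_market_apps)

IOC_PACKAGE="com.google.time.timer"   # package name given in the article

# Reads `pm list packages` output on stdin; succeeds only on an exact
# package match, so longer names sharing the prefix do not trigger it.
has_ioc_package() {
    tr -d '\r' | grep -Fxq "package:${IOC_PACKAGE}"
}

# $1 = value printed by `settings get ...`; only "1" counts as ON.
setting_is_on() {
    [ "$(printf '%s' "$1" | tr -d '\r\n ')" = "1" ]
}

# $1 = package list, $2 = adb_enabled, $3 = install_non_market_apps.
# Prints one line per finding; returns 0 when nothing was found.
audit_device() {
    audit_findings=0
    if printf '%s\n' "$1" | has_ioc_package; then
        echo "FOUND: ${IOC_PACKAGE} is installed (the hidden 'Test' app)"
        audit_findings=$((audit_findings + 1))
    fi
    if setting_is_on "$2"; then
        echo "RISK: ADB debugging is ON"
        audit_findings=$((audit_findings + 1))
    fi
    if setting_is_on "$3"; then
        echo "RISK: Apps from Unknown Sources is ON"
        audit_findings=$((audit_findings + 1))
    fi
    [ "$audit_findings" -eq 0 ]
}

# Constructed sample data (not taken from a real device).
SAMPLE_INFECTED='package:com.amazon.tv.launcher
package:com.google.time.timer
package:org.xbmc.kodi'
SAMPLE_CLEAN='package:com.amazon.tv.launcher
package:com.google.time.timer.extra
package:org.xbmc.kodi'

if audit_device "$SAMPLE_INFECTED" 1 1; then
    echo "No indicators found"
else
    echo "Action: factory reset, then set both options to OFF"
fi
```

Capturing the values over ADB requires ADB debugging to be on for the duration of the check, so switch it back to OFF afterwards.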
Be careful online and do not download shady applications from questionable sources. After all, crypto mining malware is on the rise, and being infected by it might cost you the well-being of your device, as well as bring a hefty electricity bill.