There appears to be a crypto-mining virus showing up on Amazon’s Fire TV and Fire Stick devices as a “Test” app for some users following the sideloading of unknown apps from unofficial sources. The virus appears to be a variation of the Android-based ADB.Miner worm, which installs itself under the package name “com.google.time.timer” and effectively does three things. First, it reinstalls itself when uninstalled, meaning that unless a full factory reset is performed, getting rid of it is extremely difficult. Second, even a factory reset might not work since, as a worm, the virus also spreads itself to other devices on the same network, allowing it to jump from one device to another. The only prerequisite is that the target device has ADB debugging enabled. Finally, it launches a single HTML file which uses CoinHive to mine Monero. That mining process isn’t necessarily dangerous but is relatively intensive, so it tends to slow everything else down. Moreover, just because it isn’t dangerous now doesn’t mean it won’t turn into something more malicious.
It’s never a good idea to leave ADB debugging enabled when it isn’t being used, but getting rid of ADB.Miner is fairly straightforward. The first step is to check a device’s developer options and ensure that ADB debugging is disabled. It would also be a good idea to navigate to the apps section of any other Android-based devices that have access to the local area network to make sure that “com.google.time.timer” isn’t installed anywhere else. Then, for Amazon Fire devices, a factory reset needs to be performed. Any other devices that may have been infected will need to be factory reset, too. Downloading a virus removal tool isn’t always effective, so the best way to be sure is to simply factory reset any and all infected devices while ensuring that ADB debugging is disabled.
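The package check described above can also be run from a computer that has the `adb` tool installed. The script below is an added example, not part of the original article; the sample outputs are constructed, and any device that appears in `adb devices` at all still has ADB debugging enabled.

```shell
#!/bin/sh
# Added example: look for the ADB.Miner package named in the article.
MINER_PKG="com.google.time.timer"

# Reads `adb devices` output on stdin and prints the serials in state
# "device" (authorized and reachable). Header and blank lines are skipped.
authorized_serials() {
    awk 'NR > 1 && $2 == "device" { print $1 }'
}

# Reads `pm list packages` output on stdin. Succeeds only on an exact
# package-name match, so a longer name sharing the prefix is not flagged.
# Carriage returns are stripped because some adb shells emit CRLF.
has_miner_package() {
    tr -d '\r' | grep -Fxq "package:${MINER_PKG}"
}

# Live audit: needs adb on PATH. stdin is redirected because `adb shell`
# would otherwise swallow the remaining serials from the loop.
audit_live() {
    adb devices | authorized_serials | while read -r serial; do
        if adb -s "$serial" shell pm list packages </dev/null | has_miner_package; then
            echo "$serial INFECTED: factory reset, then disable ADB debugging"
        else
            echo "$serial package not found, but ADB debugging is still enabled"
        fi
    done
}

# Constructed sample data so the parsing can be checked offline.
sample_devices() {
    printf 'List of devices attached\n192.168.1.20:5555\tdevice\nG0CONSTRUCTED01\tunauthorized\n\n'
}
sample_packages_infected() {
    printf 'package:com.amazon.tv.launcher\r\npackage:com.google.time.timer\r\n'
}
sample_packages_clean() {
    printf 'package:com.google.time.timer.widget\npackage:com.amazon.tv.launcher\n'
}

if [ "${1:-}" = "live" ]; then
    audit_live
else
    echo "authorized: $(sample_devices | authorized_serials)"
    sample_packages_infected | has_miner_package && echo "infected sample: flagged"
    sample_packages_clean | has_miner_package || echo "clean sample: not flagged"
fi
```

Run with the argument `live` to audit the devices the computer is currently connected to over ADB; without it, only the constructed samples are checked.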
As is usually the case with this kind of malware, the best way to get rid of viruses is to prevent them. So it’s worth repeating that ADB debugging shouldn’t be enabled unless it’s in use, and users should never fully trust sideloaded applications. What’s more, even apps that appear in the official app markets can be infected or be malware in disguise, so it pays to be vigilant there as well. This app presents itself on Amazon Fire devices as a pop-up which shows the Android mascot and reads “Test” when the app starts. So at least it’s fairly obvious with this one that something is going on.