While their low price helps make them a popular product, a number of people buy Amazon Fire TVs or Fire TV sticks so they can install streaming apps that allow them to watch pirated content. But it’s been discovered that these altered devices are vulnerable to infection from a cryptocurrency-mining Android virus.
Numerous online guides explain how to install apps such as Kodi on one of Amazon’s Fire TV devices, but you’ll find plenty of people selling them with the software pre-installed. As noted by Tom’s Guide, it requires enabling ADB debugging, aka Android Debug Bridge—a developer option not meant to be used by regular users. This opens up port 5555, which enables anybody to connect over the internet to a device. The ADB.miner botnet scans for this open port and then infects devices with a program that mines Monero, using up system resources to the point where it could potentially cause permanent damage.
Using Shodan, the search engine that lets users look for easily accessible internet-connected devices, 17,000 devices worldwide were found to be vulnerable, 2100 of these in the US—most of which wereAmazon TVs and Fire Sticks.
If you use your Amazon device to watch pirated content, it’s strongly suggested that you protect yourself from ADB.miner by switching ADB debugging and ‘allow apps from unknown sources’ to off.
The vulnerability isn’t limited to Amazon products, which have ADB debugging disabled by defualt. “Vendors have been shipping products with Android Debug Bridge enabled,” writes UK security researcher Kevin Beaumont. “We’ve found everything from tankers in the US to DVRs in Hong Kong to mobile telephones in South Korea. As an example, a specific Android TV device was also found to ship in this condition.”
If you think your device has already been infected—revealed by the appearance of an app called “Test” under the package name “com.google.time.timer”—a factory reset is suggested. You could also try to uninstall it directly using Total Commander from Amazon’s app store.