Mining Malware attacks Amazon’s FireTV

A new strain of mining malware is reaching Android-based TV systems, especially Amazon's Fire TV series.

If you have an Amazon Fire TV and it suddenly stops playing videos and slows down, it may have been hit by ADB.Miner, which turns network-connected televisions into cryptocurrency mining equipment for the benefit of hackers, say experts from the International Institute of Cyber Security. The virus first reveals itself as a test application.

The attack was first reported by an XDA Developers Forum user, who complained about an application called “test” that is not found in the appstore; the application appeared and forced media content to stop. In the worst cases, the television suddenly becomes unresponsive and does not process any input, because its processing capacity is dedicated to cryptocurrency mining.

As with most kinds of mining malware, this strain uses the Fire TV system to mine Monero using CoinHive, injecting the JavaScript code and running it in the background. According to experts who responded to the user, uninstalling the application will not help unless users disable the Android Debug Bridge (ADB) on their devices. In the worst scenario, the most effective way to remove the virus is to restore the TV to factory settings, losing all stored data. Preventing the worst scenarios depends on the user’s level of information security training.

This is not the first time we’ve heard of ADB.Miner. A few months ago, it managed to spread to 5,000 Android phones in just 24 hours.

Since Amazon’s Fire TV runs on Android, it was only a matter of time before the virus reached these devices too. Netlab discovered that the mining malware scans devices for port 5555, which the Android system normally uses for debugging.

This earlier version of ADB.Miner mined natively on the phone for two mining pools instead of using JavaScript. Efforts to combat mining activity may have forced hackers to change the code to work with CoinHive.
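
The port 5555 scanning described above is visible from the defender's side in network flow logs. The following Python example is added here and is not from the original article; the whitespace-separated log format, the scan threshold, and all addresses are constructed assumptions. It reports sources sweeping port 5555 across several devices and devices that accepted a connection on that port.

```python
from collections import defaultdict

ADB_PORT = 5555       # TCP port the article says ADB.Miner scans for
SCAN_THRESHOLD = 3    # assumption: distinct targets before a source counts as sweeping

# Constructed sample flow records: time, source, destination, dest port, action
SAMPLE_LOG = """\
2024-01-01T10:00:01 192.168.1.50 192.168.1.10 5555 ALLOW
2024-01-01T10:00:02 192.168.1.50 192.168.1.11 5555 DENY
2024-01-01T10:00:03 192.168.1.50 192.168.1.12 5555 DENY
2024-01-01T10:00:04 192.168.1.20 192.168.1.10 8009 ALLOW
2024-01-01T10:00:05 203.0.113.7 192.168.1.10 5555 ALLOW
malformed line
2024-01-01T10:00:06 192.168.1.21 192.168.1.30 5555 DENY
"""

def parse(line):
    """Return (src, dst, port, action), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    return parts[1], parts[2], int(parts[3]), parts[4].upper()

def analyze(log_text, threshold=SCAN_THRESHOLD):
    """Find sources sweeping the ADB port and devices that accepted a connection on it."""
    targets = defaultdict(set)   # source -> distinct destinations tried on 5555
    exposed = defaultdict(set)   # destination -> sources allowed through on 5555
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] != ADB_PORT:
            continue             # skip malformed lines and unrelated ports
        src, dst, _, action = rec
        targets[src].add(dst)
        if action == "ALLOW":
            exposed[dst].add(src)
    scanners = sorted(s for s, d in targets.items() if len(d) >= threshold)
    return {"scanners": scanners,
            "exposed": {d: sorted(s) for d, s in sorted(exposed.items())}}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for src in report["scanners"]:
        print(f"possible infected device sweeping port {ADB_PORT}: {src}")
    for dst, srcs in report["exposed"].items():
        print(f"device {dst} accepted ADB connections from: {', '.join(srcs)}")
```

A device listed as exposed is a candidate for having ADB disabled, as the experts quoted above recommend.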