Running Kodi on Amazon Fire TV or Fire TV Stick? You're at risk from cryptocurrency mining malware
Amazon’s Fire TV products are very popular with Kodi users, because it’s easy to install the media center software on it, along with any streaming add-ons.
Users of Kodi boxes are used to hearing of potential dangers -- some threats of which need to be taken with a pinch of salt -- but there’s a new malware variant that’s infecting Amazon Fire TV and Fire TV Stick devices globally, and which could well be on your device now.
- Google views Kodi as a piracy tool, makes it harder to search for
- How to install and use the fantastic Kodi alternative that's gaining in popularity
- Kodi warns users to update their software and addons for safer streaming
This thread on the XDA forums shows that a large number of Amazon Fire TV users have been infected with a piece of Android malware called ADB.Miner which installs itself as an app called "Test", under the package name com.google.time.timer. Once on a Kodi box it mines the Monero cryptocurrency and spreads to other vulnerable devices on the same network.
The worm infects devices which have ADB (Android Debug Bridge) debugging (aka Developer Options) enabled, and that’s something that users do in order to install Kodi on Android-powered devices like the Fire TV stick.
The worm appears to be being spread by the ADB.Miner botnet which scans the internet for Android devices with port 5555 open. According to Shodan, the Internet of Things search engine, over 17,000 Android devices are currently at risk, but this number is increasing daily, and in the US the majority of these devices are identified as "AFTS," "AFTM" or "AFTT" -- all Fire TV products.
You can check if your device has been infected by looking to see if you have an app called "Test" installed. You’ll probably need to use Total Commander from the Amazon appstore to check for this. Another giveaway is your Fire TV device will become very slow, apps will take an age to load, and streaming will be incredibly jerky as the malware uses as much of your device's limited processing power as possible to mine for cryptocurrency.
To avoid becoming infected, open up your Fire TV device’s Settings, select the Device menu and then Developer options. Make sure ADB debugging and Apps from Unknown Sources are both disabled.
If you’re already infected, the easiest way to remove the worm is to perform a factory reset. If you have more than one such device on your network, unplug all of them and go through the reset process one at a time in order to prevent devices becoming re-infected.
In the Device menu select Reset to Factory Defaults.