"Worm virus" hijacked, more than 100 million Amazon Fire TVs are "secretly mining"

According to Minernews, a malicious mining program called ADB.Miner (a crypto worm) has been found on Amazon Fire TV and Fire TV Stick devices. The worm mainly targets Android system software and severely slows down the TV. So far, Amazon has not responded to the attack.

The malicious application "Cryptoworm" can infect all Android platforms, including Amazon Fire TV devices, and uses the CPU and GPU of the compromised device for mining. "Cryptoworm" mainly mines Monero (XMR), and the mined Monero is transferred directly to the hacker's wallet. Devices that have been compromised slow to a near standstill when loading and browsing content, and the user's screen flashes white continuously and shows a "TEST" prompt.

Compared with cryptocurrencies such as Bitcoin, Monero offers stronger privacy and anonymity and is more difficult to trace, which is why it is favored by hackers. According to research by Palo Alto Networks, about 5% of Monero was "stolen" in this way, with a value of about $143 million.

According to xda-developers' analysis, the malicious application can only get onto a device through unofficial channels, as an application labelled "Test" with the package name "com.google.time.timer", and only when the Fire TV developer options are turned on.

The Fire TV developer options are turned off by default. Besides users turning them on themselves, they may also be activated when free or companion applications are sideloaded. Once they are turned on, the device can be controlled remotely with administrator privileges and without any authentication, for example to install malicious software and execute malicious functions.

Kevin Beaumont, a British security researcher, said that Amazon TV devices bundled with the open source media player Kodi are also among the victims of the attack. A search engine used to find vulnerable networked devices showed that 17,000 devices around the world may be under attack. Some security researchers said that 10,000-100,000 devices may be infected with the "cryptoworm."

There are two main ways to remove the cryptoworm. The simplest is to restore the device to factory settings. The second is to detect and remove the malicious code with an Android antivirus solution, such as downloading the application Total Commander from the Amazon app store, but this method may not pick up every trace the worm leaves behind.

In addition, to prevent further infection, you need to confirm that "ADB debugging" and "Apps from unknown sources" in the system device menu are set to off.
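The checks described above, run over `adb` output from your own device, as an added example that is not part of the original article. The package name comes from the article; the function names, the sample package list and the use of the standard Android `install_non_market_apps` settings key (which newer Android versions may report as `null`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): check device output for the
# indicators the article names.
MINER_PKG="com.google.time.timer"   # package name given in the article

# Succeeds if stdin (output of `pm list packages`) lists the package exactly.
# -F: no regex, so dots are literal; -x: whole line, so "...timer2" is no match.
# Older adb versions end lines with CR LF, hence the tr.
has_miner_pkg() {
    tr -d '\r' | grep -Fxq "package:${MINER_PKG}"
}

# $1 = value printed by `settings get ...`; only "1" means enabled.
setting_is_on() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# $1 = `pm list packages` output, $2 = install_non_market_apps value.
# Prints one line per finding; prints nothing for a clean device.
audit() {
    if printf '%s\n' "$1" | has_miner_pkg; then
        echo "FOUND: ${MINER_PKG} is installed (factory reset recommended)"
    fi
    if setting_is_on "$2"; then
        echo "RISK: Apps from unknown sources is on"
    fi
    return 0
}

# Live use against your own device. A working adb session already proves
# that ADB debugging is on, so switch it off in the menu afterwards.
audit_live() {
    audit "$(adb shell pm list packages)" \
          "$(adb shell settings get secure install_non_market_apps)"
}

# Constructed sample output (not captured from a real device).
SAMPLE_PKGS='package:com.amazon.tv.launcher
package:org.xbmc.kodi
package:com.google.time.timer'

if [ "${1:-}" = "--live" ]; then audit_live; else audit "$SAMPLE_PKGS" "1"; fi
```

Run it with `--live` while the device is connected over adb; without arguments it only evaluates the constructed sample.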

In fact, in April of this year, someone posted a risk warning about the "cryptoworm" on the Android Developer Forum, but did not provide a specific solution.

In a similar attack in February this year, 360's Netlab discovered malware scanning the Internet for vulnerable products, including Android TVs and smartphones. In the following days, thousands of small plug-ins concentrated in the Chinese and Korean markets were compromised by the malware.

Compared with last year, the number of malware attacks this year has increased by 4,000%. A report by Carbon Black last Thursday pointed out that there are currently an estimated 34,000 password-breaking products on the market for hackers to choose from. Yesterday, Apple rewrote its developer application guidelines to explicitly prohibit developers from installing malware into the app store.

The intelligence of hackers and the improvement of technical security will be a continuous game, and the user's demand for convenient services and the protection of privacy will always be in conflict. As the Internet of Things gradually enters our living space, even the most vigilant privacy protectors will inevitably have to give up some personal privacy information, and it is becoming increasingly difficult to avoid the invasion of malicious mining.

