Hijacked by a 'worm', more than 10,000 Amazon Fire TVs are 'secretly mining'
张一
2018-06-13 23:56
The hardware around you may have been "coerced into mining".

According to Minernews, a malicious mining program called ADB.Miner (a "crypto worm") has been found on Amazon Fire TV and Fire TV Stick devices. The worm mainly targets Android system software and severely slows down the TV. So far, Amazon has not responded to the hack.

The crypto worm can infect all Android platforms, including Amazon's Fire TV. It takes over the CPU and GPU power of the compromised device and uses it for mining. The worm mainly mines Monero (XMR), and the mined Monero goes directly to the hacker's wallet. Transfers and browsing on a compromised system slow almost to a standstill, and the user's screen keeps flashing white and showing a "TEST" prompt.

According to an analysis by xda-developers, the malicious application can only get onto a device through unofficial channels, as a "Test" application with the package name "com.google.time.timer", and only when the Fire TV developer permission option is turned on.

The "Fire TV developer permission option" is turned off by default. Besides being enabled by the user, the developer permission may also be turned on when bundled or companion application software is packaged with the device. Once this permission is enabled, developers can remotely control the device as an administrator without any authentication, for example to install malicious software or run malicious functions.

UK-based security researcher Kevin Beaumont said Amazon TV devices bundled with the open-source media player Kodi were also affected by the attack. A search engine for Internet-connected devices, used to find vulnerable systems, indicates that 17,000 devices worldwide may be under attack right now. According to security researchers, 10,000-100,000 devices may be infected with the crypto worm.

There are two main ways to remove the crypto worm. The easiest is to restore the factory settings directly. The second is to detect and clean out the malicious code with an Android antivirus solution, such as downloading the application Total Commander from the Amazon app store, but this method may fail to pick up traces that are left behind.

In addition, to prevent further infection, it is necessary to confirm that "ADB debugging" and "Applications from unknown sources" are set to OFF in the system device menu.
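The three checks named above (the "com.google.time.timer" package, "ADB debugging", and "Applications from unknown sources") can be run over shell output captured from a device. The following is an added example, not code from the article, xda-developers or Amazon. It assumes the standard Android commands `pm list packages`, `settings get global adb_enabled` and `settings get secure install_non_market_apps` back the two menu options on the device being checked; the sample capture is constructed.

```python
# Added example: audit captured shell output for the indicators the article names.
MINER_PACKAGE = "com.google.time.timer"  # package name given in the article

def installed_packages(pm_output):
    """Parse `pm list packages` output (with or without -f) into a set of names."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings and blank lines
        # With -f a line reads package:<apk path>=<name>; the name follows the last '='.
        names.add(line[len("package:"):].rsplit("=", 1)[-1])
    return names

def setting_state(raw):
    """Map `settings get` output to 'on', 'off' or 'unknown'."""
    value = raw.strip()
    if value == "1":
        return "on"
    if value == "0":
        return "off"
    return "unknown"  # 'null' (key not set) or unexpected output

def audit(pm_output, adb_enabled, unknown_sources):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    # Exact set membership, so a longer name that merely contains the string is ignored.
    if MINER_PACKAGE in installed_packages(pm_output):
        findings.append("package present: " + MINER_PACKAGE)
    for label, raw in (("ADB debugging", adb_enabled),
                       ("Apps from unknown sources", unknown_sources)):
        state = setting_state(raw)
        if state != "off":
            findings.append(label + " is " + state + ", expected off")
    return findings

# Constructed sample capture (not taken from a real device).
SAMPLE_PM = """package:com.amazon.tv.launcher
package:/data/app/com.google.time.timer-1/base.apk=com.google.time.timer
package:org.xbmc.kodi
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM, "1\n", "null\n"):
        print("[!]", finding)
```

A setting reported as "unknown" (for example `null` because the key is not set on that OS version) is flagged rather than assumed safe, so it should be confirmed in the device menu.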

In fact, in April this year, someone on the Android developer forum posted about the risk of the crypto worm, but did not give a specific solution.

In a similar attack in February this year, 360's Netlab found malware scanning the Internet for vulnerable products, including Android TVs and smartphones. Thousands of devices in the Chinese and Korean markets were compromised by the malware.

It has been pointed out that, at present, there are an estimated 34,000 products related to deciphering passwords on the market for hackers to choose from. Yesterday, Apple rewrote its developer app guidelines to explicitly prohibit developers from installing malware into the App Store.

The contest between hackers' ingenuity and improvements in technical security will continue, and there is always a tension between users' demand for convenient services and the protection of privacy.

I am Zhang Yi, a reporter from Odaily. I am exploring the real blockchain. For breaking news and communicating, please add WeChat ro20110723. Please note your name, unit, position and reason.
