An Android virus, specifically a malware worm variant, has been spreading across Android devices and has started appearing on Amazon Fire TVs and Fire TV Sticks. The worm is not specifically targeting Fire TV devices, but they are vulnerable because of their Android-based operating system. A thread on the XDA forums contains multiple Fire TV owners whose streaming media players have been infected by the malware. Here is everything you need to know about the virus, including what it does, how it spreads, how to know if your devices are infected, how to prevent getting it, and how to remove it if your device is infected.
About the Malware
The worm appears to be a version of a piece of Android malware called ADB.Miner that was first discovered earlier this year and has been spreading. The particular version appearing on Fire TV devices installs itself as an app called “Test” with the package name “com.google.time.timer”. Once it infects an Android device, it begins to use the device’s resources to mine cryptocurrencies and attempts to spread itself to other Android devices on the same network.
How it spreads
The malware appears to be getting installed by apps that are being sideloaded onto Fire TV devices. It is unknown which specific apps include the malware, but it seems that apps created for the purpose of watching pirated movies or TV shows are likely how the malware infects its first device. Once an initial device is infected, the malware can spread itself to other devices over ADB, even if those other devices never had apps sideloaded.
Symptoms of an infected device
Infected devices will become very slow to use. Loading apps will take longer than usual. This is because the malware is using 100% of the device’s processor to mine cryptocurrency. A screen that says “Test” with a green Android robot icon will also occasionally appear randomly on infected devices. This screen causes video playback and apps to abruptly stop, making the device difficult to use normally.
How to know if your device is infected
The simplest way to know if your device is infected is to see if you have an app named “Test” installed. If the app is present, it DOES NOT appear in the Fire TV’s regular app sections or in the Fire TV’s application management settings. You’ll need to use an app like Total Commander to check for the “Test” app.
- Install Total Commander from the Amazon appstore onto your Fire TV device.
- Launch Total Commander and select the “Installed Apps” menu item.
- If you see an app called “Test” installed on your device, then your device is infected.
How to prevent getting infected
To make it impossible for your Fire TV device to become infected by this malware, go to your Fire TV device’s Settings and select the “Device” menu item. Then select “Developer options” and ensure that “ADB debugging” and “Apps from Unknown Sources” are both set to “OFF”. These settings are off by default, so if you’ve never changed them, then you have always been safe from this malware.
There are good reasons for enabling either or both of these options, such as if you’re an app developer or if you want to sideload trusted apps. To keep your device safe, it is important to know how each of these two developer options makes your device vulnerable.
The “ADB debugging” option makes it possible for other devices on your network to remotely install apps onto your Fire TV device. This app installation process is done silently and does not produce any kind of prompt or approval request on the Fire TV itself. The only indication that the new app has been installed is a message that appears in the lower right corner of the Fire TV. This message disappears after a few seconds. The malware uses this ADB installation method to spread itself from infected devices to uninfected devices.
Newer Fire TV devices running Fire OS 6, which include the Fire TV 3 (pendant), Fire TV Cube, and 2nd-Gen Fire TV Edition televisions, have implemented an extra layer of protection for ADB connections. When a new device tries to connect to a Fire TV running Fire OS 6 for the first time, a prompt appears on the screen to approve the connection. If you ever see this prompt and you yourself did not initiate the connection, DO NOT allow the connection.
Older Fire TV devices running Fire OS 5, which include the Fire TV 1, Fire TV 2, Fire TV Stick 1, Fire TV Stick 2, and 1st-Gen Fire TV Edition televisions, do not ask for approval when a device connects via ADB. This is an oversight with all Android devices from this era, not just Amazon Fire TVs. It is for this reason why it is recommended to never leave ADB debugging on all the time. Only turn it on when you need it and turn it off immediately after you’re done using it.
If you’re not an app developer, you likely never need to enable ADB debugging. It is NOT necessary to enable ADB debugging if you are sideloading apps using my Downloader app. Sideloading utilities that run on a computer or mobile phone do require enabling ADB debugging on the Fire TV to successfully sideload, but, for this reason, it is safer to sideload using an app like Downloader.
The “Apps from Unknown Sources” option makes it possible for apps that are already installed on your Fire TV to install other apps. This option needs to be enabled if you are sideloading apps using my Downloader app. This method is safer than the ADB debugging method because apps cannot be installed silently through the Unknown Sources option. Any app that tries to get installed through this setting will display a full-screen message asking for you to approve the app that is trying to be installed.
If you ever see a request, like the one above, for an app to be installed that you yourself did not initiate, always select cancel. If you are sideloading an app and approve the installation and then see a second request for approval, you should cancel the request because the app you just installed is likely trying to install another app without you noticing. If you are sideloading apps onto your Fire TV device, always ensure that you trust the source of the app. Always try to download APK files directly from the app developer and not from third-party sources.
How to remove the Malware
Method 1: Factory Reset (Recommended)
Since the extent of the changes that the malware makes to the device are unknown, it is recommended to reset all changes by performing a factory reset. Before doing so, you should power off all Fire TV and Android devices that could be infected, so that your devices do not get re-infected after the factory reset. Putting the devices to sleep is NOT enough. You must unplug their power.
Once all devices but one are off, go to the Settings menu on the Fire TV you want to factory reset, select the “Device” menu item, and select the “Reset to Factory Defaults” option. If your device is rooted, follow these factory resetting instructions instead. Rooted devices should also have their pre-rooted ROM reinstalled. After the device has been reset to factory defaults, DO NOT turn on ADB debugging until after all devices have also been reset to factory defaults or you risk re-infecting your reset devices.
Remember, it is much safer to only turn on the “Apps from Unknown Sources” option and use my Downloader app for sideloading if you need to sideload apps after your device has been reset. Sideloading through the Downloader app does not require enabling ADB debugging.
Method 2: Uninstall the Malware
If you dread the idea of factory resetting your device and having to re-install all of your apps and start over, then you can try uninstalling the malware. This option is not recommended because it is unknown what other changes the malware has made to your device.
Before uninstalling the malware, you should power off all Fire TV and Android devices that could be infected, so that your devices do not get re-infected. Putting the devices to sleep is NOT enough. You must unplug their power.
Once all devices but one are off, go to the Settings menu on the Fire TV and select the “Device” menu item, and select “Developer options.” Make sure that “ADB debugging” and “Apps from Unknown Sources” are both OFF. Next, install the app Total Commander from the Amazon appstore. Launch Total Commander and select the “Installed Apps” menu item. Then select the “Test” app from the list and select “Uninstall” twice. Now power off the device and do the same for all other infected devices.
If you must turn on ADB debugging, only do so after all devices have been cleaned of the malware. Remember, it is much safer to only turn on the “Apps from Unknown Sources” option and use my Downloader app for sideloading if you need to sideload apps. Sideloading through the Downloader app does not require enabling ADB debugging.
Method 3: Install Modified Malware
If you do not want to factory reset your device and/or the malware keeps reappearing because your Fire TV keeps getting reinfected, you can try installing a modified version of the malware that doesn’t actually mine cryptocurrency. An XDA user by the name of innovaciones created this modified version of the malware. When installed, it updates the existing malware to a version that essentially turns off the miner. Obviously, it’s best to remove the malware entirely, but several people have reported that this modified version fixed their issues when they were unable to remove the malware entirely.
You can get the modified APK from this XDA post or from the short URL http://bit.ly/testappfix. The easiest way to install the modded malware is to use my Downloader app and enter
If you must turn on ADB debugging, only do so after all devices have the modded malware installed. Remember, it is much safer to only turn on the “Apps from Unknown Sources” option and use my Downloader app for sideloading if you need to sideload apps. Sideloading through the Downloader app does not require enabling ADB debugging.