If you have ever installed Kodi on an Amazon Fire TV Stick or Box, then your device is vulnerable to a hack that will take over your device by installing an Android malware program called ADB.Miner.
What is ADB.Miner?
ADB.Miner is part of a malware bot-net will use your device’s CPU to mine for crypto-currencies. Such malware will definitely slow down your device, bottleneck your internet bandwidth, and have even been known to overheat and even destroy the device.
The above screenshot is from Shodan.io and shows Amazon Fire TV devices that are open to getting hacked via ADB.
How Is My Fire Stick Vulnerable?
You see, just about every tutorial on the internet that shows you how to install Kodi on a Fire TV Stick will start off with a step where you enabled ADB Debugging.
ADB stands for Android Development Bridge and opens up the device to listen to commands over port 5555. One such command will transfer an APK file and install the app on the device… all remotely over the network. That’s exactly how the adbLink method of installing Kodi works.
Well, the problem is that any device with access to your network can push an app to your Fire Stick if you left ADB Debugging on.
That’s how ADB.Miner spreads. It manages to get installed on one device, and as soon as that device accesses your home network, it scans for devices with port 5000 and pushes the malware to those devices as well.
Warning: It’s Stupid Easy to Hack into People’s Fire Sticks
I did it myself! I’m no hacker, but I took a few minutes and hacked into someone’s Fire Stick. (Sorry random guy in the UK who was just finishing a movie)
How, you ask? Well, using Shodan, I got a list of IP addresses of Fire TV devices with ADB exposed. I just opened up adbLink which I used to install Kodi on my Fire Stick, and I just added another device using that IP. Voila! I was able to browse and download files from their device (but I didn’t), I could install an app (but I didn’t), and I could even take a screen capture with the click of the button. That’s how I know the person was finishing a movie. It showed the ending credits.
Obviously, I’m not malicious and am not going to start hacking a bunch of people, but it really opened my eyes as to how easy it is for someone to spread malicious apps for their own financial gain.
How to Prevent Getting Hacked (if not already)
It’s very simple actually. On your Fire TV device, just go to Settings > Device > Developer Options > ADB debugging and switch it OFF.
How to Check If I’m Hacked Already
This malware installs in the form of an app called “Test”. Unfortunately, it doesn’t simply show up in your list of apps. The only way to tell if you have it is by searching on your Fire TV device for an app called Total Commander and using that to look in the “Installed Apps” folder to see if you have an app called “Test”. If so, your device is infected.
How to Clean My Infected Fire TV Device
If your device is indeed infected with this ADB.Miner malware, you have a few options. AFTVNews has 3 different methods to clean it up including doing a factory reset, simply uninstalling the malware, and even a clever method of installing a modified version of the malware app that has a higher version number but is actually clean of any malware.
Share and Comment?
I really hope this has been informative and helpful for you.
We really need to get the word out about this because there are so many people that are left vulnerable with this. Please share this post with anyone you know that uses Kodi on a Fire TV device.
Also if you have any comments or questions, please leave them below. Thanks!