“ADB.Miner” — malware created for the purpose of secret background cryptocurrency mining — is infecting Android devices, including mobile devices and Android TVs, as well as Amazon’s Fire TV hardware.
The malware targets devices through their Android Debug Bridge (ADB) interface, which usually has to be activated by the user, normally in order to “side-load” apps that were not downloaded from the Play Store and are therefore not sanctioned for use by Google.
However, some devices have been found to ship with ADB activated by default, leaving them vulnerable to the rogue application. Once a device is infected, its performance suffers, with significant lag and sluggish video playback. The malware is also capable of spreading via the internet to users’ other devices that have ADB activated.
The mining process is disguised as a seemingly harmless process called “com.google.time.timer”. It can be removed by performing a factory reset of infected devices and switching off ADB.
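A defender-side check for the two conditions named above (ADB left switched on, and the “com.google.time.timer” name), added here as an example and not part of the original article. It assumes `adb` on a trusted host with the device authorized; the function names, the `service.adb.tcp.port` network check and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the two conditions the article names.
INDICATOR='com.google.time.timer'   # process name quoted in the article

# Reads `ps` / `pm list packages` output on stdin. Succeeds only if some
# field equals the indicator exactly (lookalike longer names do not match).
has_indicator() {
    tr -s ' \t\r:' '\n\n\n\n' | grep -Fxq "$INDICATOR"
}

# $1 = `settings get global adb_enabled`, $2 = `getprop service.adb.tcp.port`
# Prints off | usb | network. Treating an empty, 0 or -1 port as "no TCP
# listener" is an assumption of this example.
adb_exposure() {
    if [ "$1" != "1" ]; then
        echo off
    elif [ -n "$2" ] && [ "$2" != "0" ] && [ "$2" != "-1" ]; then
        echo network
    else
        echo usb
    fi
}

# Live audit from a trusted host; $1 = device serial (needs adb on PATH).
audit_device() {
    enabled=$(adb -s "$1" shell settings get global adb_enabled | tr -d '\r')
    port=$(adb -s "$1" shell getprop service.adb.tcp.port | tr -d '\r')
    echo "adb exposure: $(adb_exposure "$enabled" "$port")"
    if adb -s "$1" shell 'pm list packages; ps; ps -A' 2>/dev/null | has_indicator; then
        echo "indicator: $INDICATOR present"
    else
        echo "indicator: not found"
    fi
}

# Constructed sample listing (not captured from a real device).
SAMPLE='USER     PID  PPID NAME
u0_a12  2101   410 com.android.systemui
u0_a87  3312   410 com.google.time.timer'

if [ "$#" -ge 1 ]; then
    audit_device "$1"
elif printf '%s\n' "$SAMPLE" | has_indicator; then
    echo "sample: indicator present"
fi
```

Run with a device serial to audit a connected device; with no argument it only evaluates the constructed sample.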