As it turns out, this “test” app is actually cryptocurrency malware that is infecting Amazon Fire TV and Fire TV Stick devices. The Test APK with the package name “com.google.time.timer” autostarts itself to execute a variation of the infamous ADB.Miner malware. Once a device is infected, the virus begins to use 100% of the device’s processing resources to mine Monero using CoinHive. To make matters worse, the malware spreads itself to other Android devices on the same network using ADB, making it difficult to deal with the situation.
Is my device infected?
Amazon Fire TV devices that are infected are slowed down drastically, with apps taking really long to load and all actions responding lazily. The Test app will also randomly pop up on the screen and make interaction with the UI difficult.
Simply checking for the Test application in the application list or in the application management settings doesn’t work as the app does not appear in these lists. Instead, use an app like Total Commander from the Amazon App Store to check. The Test app can appear even on devices that have not sideloaded any apps themselves, as the malware can spread itself to other devices over the network.
The exact source application of the malware is currently uncertain. However, it would not be far-fetched to pin the blame on sideloaded apps that aid in piracy of movies and TV shows.
Cleanup Solutions
If one of your devices is infected, there is a high chance that other Android devices (and not just Amazon Fire TV devices) on the same network are infected too. Before proceeding for cleanup, ensure that you disable ADB Debugging on all your devices, infected or otherwise.
Factory Reset
The most effective solution is to factory reset the infected device, as well as all other devices on the same network. Factory reset can be found in system settings. It will erase everything on the device and start from scratch. Make sure to back up anything important before doing a factory reset.
Uninstall Modded Virus
This solution is not recommended because the extent of the virus and the modifications it does on your system are unknown. You should only consider this option if factory resetting your devices is absolutely not an option.
You can delete the virus files using the following ADB commands:
shell rm data/local/tmp/ufo.apk
shell rm data/local/tmp/lock.txt
shell rm data/local/tmp/smi
shell rm data/local/tmp/endat
shell rm data/local/tmp/nohup
uninstall com.google.time.timer
reboot