This usually happens when the instance has been hacked via ADB.
ADB connections are neither secured nor authenticated: if your instance's inbound rules allow connections from anyone, or if TCP port 5555 is open to anyone (0.0.0.0/0), and ADB access is enabled, then anyone can connect to the instance via ADB and inject malicious software or corrupt it.
If this is your case, delete your instances as soon as possible and use one of the following methods to secure ADB connections:
- adjust your EC2 firewall rules to restrict access to authorized hosts only. Please refer to Network Security Settings for more details.
- block any inbound connections to TCP port 5555 and use an SSH tunnel.
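
To check for the exposure described above, the following added example (not part of the original page) scans security group rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for inbound rules that let any address reach TCP port 5555, including "all traffic" rules and port ranges that contain 5555. The group IDs and rules in the sample are constructed.

```python
import json

ADB_PORT = 5555
ANYONE = {"0.0.0.0/0", "::/0"}  # "open to anyone" for IPv4 and IPv6

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-constructed-open", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5555, "ToPort": 5555,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-constructed-all", "IpPermissions": [
   {"IpProtocol": "-1",
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-constructed-range", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-constructed-ok", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5555, "ToPort": 5555,
    "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

def covers_adb(perm):
    """True if an inbound permission applies to TCP port 5555."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule: every protocol and port
        return True
    if proto not in ("tcp", "6"):  # "6" is the protocol number for TCP
        return False
    return perm.get("FromPort", 0) <= ADB_PORT <= perm.get("ToPort", 65535)

def exposed_adb_rules(groups):
    """Return (group_id, cidr) pairs where ADB is reachable from any address."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not covers_adb(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c) for c in cidrs if c in ANYONE]
    return findings

if __name__ == "__main__":
    for group_id, cidr in exposed_adb_rules(SAMPLE):
        print(f"{group_id}: TCP {ADB_PORT} reachable from {cidr}")
```

The last sample group is not reported: it limits port 5555 to a single host and leaves only SSH open, which matches the two methods listed above.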