The technical detail about latest WatchThis hasn't been published yet, but the previous KindleBrake seems to be using malicious JXR image payload via built-in browser. That sounds like pretty serious security flaw to me.