These popular Android TV boxes are reportedly shipping laced with malware

Cybersecurity researchers have discovered two popular Android TV box products are being sold online preloaded with malware

The malware generates revenue for the attackers by clicking on ads in the background, without the owners’ knowledge or consent, according to findings from cybersecurity researcher Daniel Milisic. 

Milisic went to Amazon to buy an AllWinner T95, a popular set-top box with a four-out-of-five-star rating, and countless reviews. The TV box comes with multiple streaming services, can be customized, and is generally considered good value for its relatively low price (around $40 without shipping). 

Impressive and unsettling

However, soon after receiving the item, Milisic discovered the tool was communicating with a C2 server and awaiting certain instructions. A deeper investigation showed the device connecting to a wider botnet comprising countless devices all over the world. The instructions were to download stage-two malware which performs ad-click fraud. 

After publishing his findings on GitHub, other researchers chimed in with support, including EFF security researcher Bill Budington, who not only confirmed MIlisic’s findings, but also said there were other devices doing the same thing. Here are some of the infected devices: AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.

Milisic reached out to the internet company that hosted the C2 servers and asked for them to be turned off, and the company complied quickly. However, he says that nothing is stopping the threat actors to erect a C2 server elsewhere and just continue their operation.

Speaking to TechCrunch, Budington didn’t hide his amazement: “It’s an impressive and unsettling operation,” he said.

“It’s difficult to quantify the scale of this network. What we do know is that everywhere we look there are different variants of Android trojan malware downloading next-stage malware from the same set of IPs, ones that have been involved in supply-chain attacks in the past.”

The worst thing is that the average user doesn’t really know how to install, or remove, such software from TV boxes, the researchers claim. For them, the best course of action would be to just replace the devices with something of more trustworthiness. For the researchers, he believes they should hold resellers to a higher standard and scrutinize hardware more.

“They’re not allowed to sell children’s toys made out of spinning razor blades, why is it OK to let small, unknown vendors sell computers acting maliciously without owners’ knowledge and permission?,” he concluded.

Via: TechCrunch



from TechRadar - All the latest technology news https://ift.tt/CS73KQI
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us