Android TV Box sold on Amazon comes with special treatment: Malware


According to a Canadian infrastructure and security consultant who bought the device, an Android TV box sold on Amazon was found to be secretly loaded with malware.

In posts on GitHub and Reddit, Daniel Milisic warns against the T95 Android TV Box, which he bought a few months ago on Amazon. The product, which uses the Allwinner H616 chip, is currently sold on Amazon and AliExpress, starting at around $40.

Milisic noticed something was wrong when he found that the box’s Android 10 OS was signed using test keys and that the Android Debug Bridge (ADB) was left open, allowing anyone to access it via Ethernet and Wi-Fi.

The T95 Android TV Box Milisic purchased. (Credit: Milisic/Amazon)

He then ran the Pi-hole ad-blocking software on the device, which revealed the various internet domains the TV box was trying to connect to. “That’s how I found out how riddled with malware this box is,” Milisic wrote, later adding, “The box reached many known active malware addresses.”

According to his analysis, the malware works similarly to the CopyCat Android malware, which can hijack a device to install apps and display ads in an attempt to generate revenue for cybercriminals. Milisic also told PCMag that he found evidence that a separate piece of malware, called Adups, had also been installed on the device.

It is unknown how many T95 Android TV boxes are loaded with the malware. But Milisic’s post contains advice for owners on how to find out if their product is affected. If the TV box contains the folder “/data/system/Corejava” and the file “/data/system/sharedpreferences/openpreference.xml”, then the device has been compromised.
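A triage check for the signs reported above (test-key firmware, network-exposed ADB, and the two indicator paths), added here as an example and not taken from the article or from Milisic's posts. It assumes you have saved the output of `adb shell getprop` and a copy of the box's filesystem; `ro.build.tags`, `service.adb.tcp.port` and `persist.adb.tcp.port` are standard Android properties not named in the article, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article or Milisic's posts).
# $1 = saved `adb shell getprop` output, $2 = copy of the box's filesystem.

# Indicator paths exactly as printed in the article.
IOC_DIR="/data/system/Corejava"
IOC_FILE="/data/system/sharedpreferences/openpreference.xml"

# Print one property value from getprop lines of the form "[name]: [value]".
prop_value() {
    sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p" "$1" | head -n 1
}

# Echo a space-separated list of findings; empty output means none matched.
t95_triage() {
    props=$1; root=$2; findings=""
    # 1. Firmware built with test keys instead of release keys.
    case "$(prop_value "$props" ro.build.tags)" in
        *test-keys*) findings="$findings test-keys" ;;
    esac
    # 2. ADB configured to listen on a TCP port (reachable over the network).
    for p in service.adb.tcp.port persist.adb.tcp.port; do
        port=$(prop_value "$props" "$p")
        case "$port" in
            ""|0|-1) ;;
            *) findings="$findings adb-tcp:$port"; break ;;
        esac
    done
    # 3. The folder and file the article lists as signs of compromise.
    if [ -d "$root$IOC_DIR" ]; then findings="$findings ioc-dir"; fi
    if [ -f "$root$IOC_FILE" ]; then findings="$findings ioc-file"; fi
    echo "${findings# }"
}

# Constructed sample data (not captured from a real device) for an offline run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/root$IOC_DIR" "$d/root${IOC_FILE%/*}"
    : > "$d/root$IOC_FILE"
    printf '%s\n' '[ro.build.tags]: [test-keys]' \
        '[service.adb.tcp.port]: [5555]' > "$d/getprop.txt"
    echo "$d"
}

s=$(make_sample)
t95_triage "$s/getprop.txt" "$s/root"   # prints the findings for the sample
rm -rf "$s"
```

Reading `/data/system` on a device normally requires root access, so the filesystem copy may have to come from a root shell or a firmware image.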

His GitHub post goes on to offer a way to partially disable the malware by disrupting its communication path to hacker-controlled servers. But for non-tech-savvy users, the easiest way to deal with the threat is to unplug the product. In a Reddit post, Milisic said doing a factory reset simply reinstalls the malware on the TV box.

The incident is a reminder to be careful when buying products from unknown technology brands. Amazon did not immediately respond to a request for comment.
