Android TV Box On Amazon Came Pre-Installed With Malware (bleepingcomputer.com)
A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. BleepingComputer reports: The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the C2 (command and control) server. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms. It is unclear if this single device was affected or if all devices from this model or brand include the malicious component.
Milisic believes the malware installed on the device is a strain that resembles 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017. This malware was previously seen in an adware campaign where it infected 14 million Android devices to make its operators over $1,500,000 in profits. The analyst tested the stage-1 malware sample on VirusTotal, where it returns only 13 detections out of 61 AV engine scans, classified with the generic term of an Android trojan downloader. [...]
Unfortunately, these inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability. In many cases, these devices are sold under multiple brands and device names, with no clear indication of where they originate. [...] To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick.
Always a risk but ... (Score:4, Insightful)
The box in question is sold at a suspiciously low cost. I'd have to check but it looks about half of normal.
More $$ certainly doesn't guarantee safety or quality but really a really low price usually means something is wrong.
Re: (Score:2)
Apparently I can't can't edit edit or or type type
No way bro (Score:2)
The bottom of the barrel cheapest straight outta Shenzhen media boxes are probably shady with questionable if not downright malicious software?
I remember reading this same thing with cheapo Kodi boxes a few years ago. Android really is a mess in this way though. If I buy a Windows box of any type really at the end of the day I can blow out the drive and reinstall Windows or Linux on it just the same. No guarantee with these things though.
Re:No way bro (Score:4, Funny)
Man, I need to make that shirt, "straight outta Shenzhen"
Re: (Score:2)
Major US and European manufacturers have had similar incidents in the past. I seem to recall some Dell machines shipping with malware pre-installed once, and way back in the 90s some... I think Tulip... machines in Europe.
Re: (Score:2)
Yes, hardware should be independent of Android. Just like any PC is OS free. You can install any OS on your PC. Same should be on these devices. But no, Google keeps its claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.
AFAIK generally (not being familiar with the particular box in TFA) on these kind of Android TV boxes you can, I'm running CoreELEC from a USB stick on one right now. The problem is proprietary drivers compiled against old kernel versions and lack of documentation (not to mention the hardware which may or may not be what you actually ordered). I've had several but never have I used them with a Gmail account as I don't trust them. If Google had the ability to lock them down and certify that they were free fr
Re: (Score:2)
Yes, hardware should be independent of Android. Just like any PC is OS free. You can install any OS on your PC. Same should be on these devices. But no, Google keeps its claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.
AFAIK generally (not being familiar with the particular box in TFA) on these kind of Android TV boxes you can, I'm running CoreELEC from a USB stick on one right now. The problem is proprietary drivers compiled against old kernel versions and lack of documentation (not to mention the hardware which may or may not be what you actually ordered). I've had several but never have I used them with a Gmail account as I don't trust them. If Google had the ability to lock them down and certify that they were free from malware I'd see that as a positive (cue google-is-malware yadda, yadda).
Hmmm.
Kinda like Apple?
Re: (Score:2)
But no, Google keeps its claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.
These devices really don't have anything to do with Google. The Chinese makers put Android on them because it's free and can run tons of apps.
Re: (Score:2)
But no, Google keeps its claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.
These devices really don't have anything to do with Google. The Chinese makers put Android on them because it's free and can run tons of apps.
And can be soaked with Malware straight from the factory. . .
Re: (Score:1)
Just like any PC is OS free. You can install any OS on your PC.
Hmm...I'm having some trouble getting OS/360 installed on my Lenovo X1 but I'll take your word for it.
Re: No way bro (Score:2)
Yep, and buying from Amazon is no guarantee. With Amazon Marketplace being a Wild West, for most users indistinguishable from buying from Amazon, it's almost as bad as eBay.
Cheap shit that'll variously electrocute you, burn down your house, or spy on you. Don't go cheap on anything electrical.
Re: (Score:2)
Android really is a mess in this way though. If I buy a Windows box of any type really at the end of the day I can blow out the drive and reinstall Windows or Linux on it just the same. No guarantee with these things though.
I have yet to find an Android stick or box where you can't get images for it. Sometimes you have to get them from a site all in Chinese, but these days you can navigate those with a translator.
Re: (Score:2)
Most of them are just reference designs from the SOC developer. It's not like the manufacturers of these devices would actually put any development effort into them as that would cut into the margins. You might not be able to find any information about the specific brand of device you have, but a generic image built for the same SOC will usually work.
"sold on Amazon" (Score:5, Insightful)
They say it like it's a quality label. Quite much the opposite. Amazon is currently not a retail store, but a street fair where resellers can purchase exposure without background checks. Amazon is pretty much a place to avoid for anything other than an alternate way of shopping for reputable brands, or simple known-good supplies they already have in stock for quick delivery.
Re: (Score:2)
Even when you order name brand shit on Amazon, chances are pretty high that it's counterfeit. Batteries are especially bad for that.
I'm not surprised (Score:2)
Nothing new. (Score:4, Interesting)
Old news. I remember when digital photo frames first came out. Owner's daughter bought one. She asked us to show her how to load photos onto it.
About 5 seconds after we plugged it into her laptop, AV software immediately alerted on a preloaded virus that was set to autorun (if allowed by the system, luckily our GPOs disabled that).
The sad thing is the cost of this cheap Chinese knockoff wasn't that much lower than any other brand.
To avoid such risks, LOL! (Score:3)
Use a phone instead (Score:2)
Instead, get a good quality used phone with a fairly recent version of Android, use an MHL cable for video output and a Bluetooth keyboard/trackpad.
Replace the firmware (Score:2)
The suggestion to use a Google Chromecast or Amazon Fire TV does give you nicer hardware but unless you like endless ads en masse you will have to put a reasonable effort into setting them up.
Re: (Score:2)
If you're going to run Linux anyway, it probably doesn't make sense to buy something that comes with Android. Just get a Linux SBC in the first place, like a banana or pine.
Show how bad AV are (Score:3)
Three quarters of the A/V programs failed to detect malware, including many big names like avast, avg, sophos, trendmicro, malwarebytes.
Never rely on A/V to protect you from trojans. ( https://www.virustotal.com/gui... [virustotal.com] )
ANDROID EOL? (Score:2)
Since GOOG inception of its AndroidOS, malware has flourished with worldwide reach and scope. It's the OS defining achievement and unchallenged success.
Someone should. This isn’t a product - never was.
Well that's nothing unusual (Score:2)
Many of those devices come pre-installed with DRM malware.
The real commercial sticks/boxes aren't the same (Score:2)