Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Android Security Television

Android TV Box On Amazon Came Pre-Installed With Malware (bleepingcomputer.com) 35

A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. BleepingComputer reports: The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the C2 (command and control) server. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms. It is unclear if this single device was affected or if all devices from this model or brand include the malicious component.

Milisic believes the malware installed on the device is a strain that resembles 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017. This malware was previously seen in an adware campaign where it infected 14 million Android devices to make its operators over $1,500,000 in profits. The analyst tested the stage-1 malware sample on VirusTotal, where it returns only 13 detections out of 61 AV engine scans, classified with the generic term of an Android trojan downloader. [...]

Unfortunately, these inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability. In many cases, these devices are sold under multiple brands and device names, with no clear indication of where they originate. [...] To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick.

This discussion has been archived. No new comments can be posted.

Android TV Box On Amazon Came Pre-Installed With Malware

Comments Filter:
  • by dogsbreath ( 730413 ) on Friday January 13, 2023 @08:34PM (#63207314)

    The box in question is sold at a suspiciously low cost. I'd have to check but it looks about half of normal.

    More $$ certainly doesn't guarantee safety or quality but really a really low price usually means something is wrong.

  • The bottom of the barrel cheapest straight outta Shenzen media boxes are probably shady with questionable if not downright malicious software?

    I remember reading this same thing with cheapo Kodi boxes a few years ago. Android really is a mess in this way though. If i buy a windows box of any type really at the end of the day I can blow out the drive and reinstall Windows or Linux on it just the same. No guantee with these things though.

    • by NobleNobbler ( 9626406 ) on Friday January 13, 2023 @10:00PM (#63207402)

      Man, I need to make that shirt, "straight outta Shenzen"

      • by AmiMoJo ( 196126 )

        Major US and European manufacturers have had similar incidents in the past. I seem to recall some Dell machines shipping with malware pre-installed once, and way back in the 90s some... I think Tulip... machines in Europe.

    • Yes, hardware should be independent of Android. Just like any PC is OS free. You can install any OS on your PC. Same should be on these devices. But no, Google keeps it's claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.
      • Yes, hardware should be independent of Android. Just like any PC is OS free. You can install any OS on your PC. Same should be on these devices. But no, Google keeps it's claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.

        AFAIK generally (not being familiar with the particular box in TFA) on these kind of android tv boxes you can, I'm running coreelec from a usb stick on one right now. The problem is proprietary drivers compiled against old kernel versions and lack of documentation (not to mention the hardware which may or may not be what you actually ordered). I've had several but never have I used them with a gmail account as I don't trust them. If google had the ability to lock them down and certify that they were free fr

        • Yes, hardware should be independent of Android. Just like any PC is OS free. You can install any OS on your PC. Same should be on these devices. But no, Google keeps it's claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.

          AFAIK generally (not being familiar with the particular box in TFA) on these kind of android tv boxes you can, I'm running coreelec from a usb stick on one right now. The problem is proprietary drivers compiled against old kernel versions and lack of documentation (not to mention the hardware which may or may not be what you actually ordered). I've had several but never have I used them with a gmail account as I don't trust them. If google had the ability to lock them down and certify that they were free from malware I'd see that as a positive (que google-is-malware yadda, yadda).

          Hmmm.

          Kinda like Apple?

      • But no, Google keeps it's claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.

        These devices really don't have anything to do with Google. The Chinese makers put Android on them because it's free and can run tons of apps.

        • But no, Google keeps it's claws on the boot and device interactivity. You need special image, you can not put a minimal system and then try or add drivers etc.

          These devices really don't have anything to do with Google. The Chinese makers put Android on them because it's free and can run tons of apps.

          And can be soaked with Malware straight from the factory. . .

      • by ksw_92 ( 5249207 )

        Just like any PC is OS free. You can install any OS on your PC.

        Hmm...I'm having some trouble getting OS/360 installed on my Lenovo X1 but I'll take your word for it.

    • Yep, and buying from Amazon is no guarantee. With Amazon Marketplace being a Wild West, for most users indistinguishable from buying from Amazon, it's almost as bad as eBay.

      Cheap shit that'll variously electrocute you, burn down your house, or spy on you. Don't go cheap on anything electrical.

    • Android really is a mess in this way though. If i buy a windows box of any type really at the end of the day I can blow out the drive and reinstall Windows or Linux on it just the same. No guantee with these things though.

      I have yet to find an Android stick or box where you can't get images for it. Sometimes you have to get them from a site all in Chinese, but these days you can navigate those with a translator.

      • by Bert64 ( 520050 )

        Most of them are just reference designs from the SOC developer. It's not like the manufacturers of these devices would actually put any development effort into them as that would cut into the margins. You might not be able to find any information about the specific brand of device you have, but a generic image built for the same SOC will usually work.

  • "sold on Amazon" (Score:5, Insightful)

    by test321 ( 8891681 ) on Friday January 13, 2023 @08:55PM (#63207330)

    They say it like it's a quality label. Quite much the opposite. Amazon is currently not as a retail store, but as a street fair where resellers can purchase exposure without background checks. Amazon is pretty much a place to avoid for anything other than an alternate way of shopping for reputable brands, or simple known-good supplies already they have in stock for quick delivery.

  • Cheap junk loaded with malware. Should I be surprised?
  • Nothing new. (Score:4, Interesting)

    by alanshot ( 541117 ) <<moc.iru9dk> <ta> <yor>> on Friday January 13, 2023 @10:42PM (#63207464)

    Old news. I remember when digital photo frames first came out. Owner's daughter bought one. She asked us to show her how to load photos onto it.

    about 5 seconds after we plugged it into her laptop, AV software immediately alerted on a preloaded virus that was set to autorun (if allowed by the system, luckily our GPOs disabled that)

    The sad thing is the cost of this cheap Chinese knockoff wasnt that much lower than any other brand.

  • by Uldis Segliņš ( 4468089 ) on Saturday January 14, 2023 @12:45AM (#63207582)
    To avoid such risks, you can pick streaming devices from reputable vendors like ... Reputable vendors known for selling your data. How exactly am I avoiding the same outcome - unknown persons using my data, if I am not buying from unknown manufacturer, but from known bignames? And when malicios software is not classified officially as malware, but well known software with "necessary" functionality of selling my data. The result is same. Big guys do illegal stuff in plain sight, but when small ones try, they are the bad ones. Ahh puleeze!
  • These cheap Android boxes are like buying a pig in a poke, you never know what you are getting. Do they have malware? Do they run Google apps and services? Do they allow installing apps from Google Play? Do they even work at all? You never know until it is in your hands. Just try returning an Android computer to Amazon because it has compromised security.

    Instead, get a good quality used phone with a fairly recent version of Android, use an MHL cable for video output and a Bluetooth keyboard/trackpad.

  • First thing to do with those cheap Android boxes is replace Android with Linux, such as Libreelec. It should deal with most malware and makes the box far more stable to use.

    The suggestion to use a Google Chromecast or Amazon Fire TV does give you nicer hardware but unless you like endless ads on mass you will have to put a reasonable effort into setting them up.
    • If you're going to run Linux anyway, it probably doesn't make sense to buy something that comes with Android. Just get a Linux SBC in the first place, like a banana or pine.

  • by MrL0G1C ( 867445 ) on Saturday January 14, 2023 @05:51AM (#63207858) Journal

    Three quarters of the A/V programs failed to detect malware, including many big names like avast, avg, sophos, trendmicro, malwarebytes.

    Never rely on A/V to protect you from trojans. ( https://www.virustotal.com/gui... [virustotal.com] )

  • ...is malware. How could they tell the difference?
  • Since GOOG inception of its AndroidOS, malware has flourished with worldwide reach and scope. Its the OS defining achievement and unchallenged success.

    Someone should. This isn’t a product - never was.

  • Many of those devices come pre-installed with DRM malware.

  • "To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick." Except if you're looking ti actually do anythign with the device that is more than stream. The offbrand ones are unlocked and you can oftentimes get new software for them. Certainly not the same as a roku or Apple TV

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...