Android TV boxes sold by Amazon have been secretly loaded with malware, according to a Canadian infrastructure and security consultant who purchased the device.
In a GitHub post and on Reddit, Daniel Milisic warns about the T95 Android TV box he purchased on Amazon a few months ago. The product, which uses the Allwinner H616 chip, is currently on sale for around $40 on Amazon and AliExpress.
Milisic noticed something was wrong when he found that the Android 10 OS on the box was signed using a test key and that the Android Debug Bridge was open and accessible to anyone over Ethernet and Wi-Fi.
The T95 Android TV box Milisic bought. (Credit: Milisic/Amazon)
Then running the ad-blocking software Pi-hole on the device revealed various Internet domains that the TV box was trying to connect to. “This is how I discovered how this box was adorned with malware,” Milisic wrote, later adding:
Based on his analysis, the malware behaves similarly to the CopyCat Android malware, which hijacks devices to install apps and display ads in an attempt to generate revenue for cybercriminals. Milisic also told PCMag that he found evidence that another piece of malware, called Adups, was also installed on the device.
An unknown number of T95 Android TV boxes were loaded with malware. However, Milisic’s post includes tips for owners on how to check whether their product is affected. If your TV box contains the folder “/data/system/Corejava” and the file “/data/system/shared”Settings/Openpreferences.xml”, then the device is compromised.
His GitHub post offers a way to partially defeat the malware by interrupting the communication path to a hacker-controlled server. But for non-technical users, the easiest way to deal with the threat is to unplug the product. According to Milisic's Reddit post, a factory reset simply reinstalls the malware on the TV box.
The incident serves as a reminder to be careful when purchasing products from unknown tech brands.