Tweet
Cybersecurity researchers have discovered two popular Android TV box products are being sold online preloaded with malware.
The malware generates revenue for the attackers by clicking on ads in the background, without the ownersâ knowledge or consent, according to findings from cybersecurity researcher Daniel Milisic.
Milisic went to Amazon to buy an AllWinner T95, a popular set-top box with a four-out-of-five-star rating, and countless reviews. The TV box comes with multiple streaming services, can be customized, and is generally considered good value for its relatively low price (around $40 without shipping).
[HEADING=1]Impressive and unsettling[/HEADING]
However, soon after receiving the item, Milisic discovered the tool was communicating with a C2 server and awaiting certain instructions. A deeper investigation showed the device connecting to a wider botnet comprising countless devices all over the world. The instructions were to download stage-two malware which performs ad-click fraud.
After publishing his findings on GitHub, other researchers chimed in with support, including EFF security researcher Bill Budington, who not only confirmed MIlisicâs findings, but also said there were other devices doing the same thing. Here are some of the infected devices: AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.
Milisic reached out to the internet company that hosted the C2 servers and asked for them to be turned off, and the company complied quickly. However, he says that nothing is stopping the threat actors to erect a C2 server elsewhere and just continue their operation.
Read more
Speaking to TechCrunch, Budington didnât hide his amazement: âItâs an impressive and unsettling operation,â he said.
âItâs difficult to quantify the scale of this network. What we do know is that everywhere we look there are different variants of Android trojan malware downloading next-stage malware from the same set of IPs, ones that have been involved in supply-chain attacks in the past.â
The worst thing is that the average user doesnât really know how to install, or remove, such software from TV boxes, the researchers claim. For them, the best course of action would be to just replace the devices with something of more trustworthiness. For the researchers, he believes they should hold resellers to a higher standard and scrutinize hardware more.
âTheyâre not allowed to sell childrenâs toys made out of spinning razor blades, why is it OK to let small, unknown vendors sell computers acting maliciously without ownersâ knowledge and permission?,â he concluded.
[ul]
[li]Here are the best firewalls around[/li][/ul]
Via: TechCrunch
Continue readingâŚ
The malware generates revenue for the attackers by clicking on ads in the background, without the ownersâ knowledge or consent, according to findings from cybersecurity researcher Daniel Milisic.
Milisic went to Amazon to buy an AllWinner T95, a popular set-top box with a four-out-of-five-star rating, and countless reviews. The TV box comes with multiple streaming services, can be customized, and is generally considered good value for its relatively low price (around $40 without shipping).
[HEADING=1]Impressive and unsettling[/HEADING]
However, soon after receiving the item, Milisic discovered the tool was communicating with a C2 server and awaiting certain instructions. A deeper investigation showed the device connecting to a wider botnet comprising countless devices all over the world. The instructions were to download stage-two malware which performs ad-click fraud.
After publishing his findings on GitHub, other researchers chimed in with support, including EFF security researcher Bill Budington, who not only confirmed MIlisicâs findings, but also said there were other devices doing the same thing. Here are some of the infected devices: AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.
Milisic reached out to the internet company that hosted the C2 servers and asked for them to be turned off, and the company complied quickly. However, he says that nothing is stopping the threat actors to erect a C2 server elsewhere and just continue their operation.
Read more
This dangerous Android malware is seeing a huge rise in infections
Dangerous new âHookâ Android malware lets hackers remotely control your phone
Check out the best identity theft protection software right now
Dangerous new âHookâ Android malware lets hackers remotely control your phone
Check out the best identity theft protection software right now
âItâs difficult to quantify the scale of this network. What we do know is that everywhere we look there are different variants of Android trojan malware downloading next-stage malware from the same set of IPs, ones that have been involved in supply-chain attacks in the past.â
The worst thing is that the average user doesnât really know how to install, or remove, such software from TV boxes, the researchers claim. For them, the best course of action would be to just replace the devices with something of more trustworthiness. For the researchers, he believes they should hold resellers to a higher standard and scrutinize hardware more.
âTheyâre not allowed to sell childrenâs toys made out of spinning razor blades, why is it OK to let small, unknown vendors sell computers acting maliciously without ownersâ knowledge and permission?,â he concluded.
[ul]
[li]Here are the best firewalls around[/li][/ul]
Via: TechCrunch
Continue readingâŚ