Cybersecurity researchers have discovered that two popular Android TV box products are being sold online preloaded with malware.
The malware generates revenue for the attackers by clicking ads in the background, without the knowledge or consent of the device owners, according to the findings of cybersecurity researcher Daniel Milisic.
Milisic headed to Amazon to buy the AllWinner T95, a popular set-top box with a four-out-of-five-star rating and countless reviews. The box comes with multiple streaming services, is customizable, and is generally considered good value for its relatively low price (around $40 excluding shipping).
Impressive and disturbing
However, shortly after receiving the item, Milisic discovered that the device was communicating with a command-and-control (C2) server and waiting for specific instructions. A closer investigation revealed that the device was part of a wider botnet involving countless devices around the world. The instructions were to download second-stage malware that performs ad click fraud.
After he published his findings on GitHub, other researchers jumped in to help, including EFF security researcher Bill Budington, who not only confirmed Milisic's findings but also said there are other devices doing the same thing. Here are some of the affected devices: AllWinner T95Max, RockChip X12 Plus and RockChip X88 Pro 10.
Milisic contacted the internet company hosting the C2 servers and asked for them to be shut down, and the company quickly agreed. However, he notes that nothing stops the cybercrime groups from setting up a C2 server elsewhere and simply continuing their activities.
Speaking to TechCrunch, Budington was amazed: “This is an impressive and disturbing operation,” he said.
“It is difficult to estimate the scale of this network. What we do know is that everywhere we look there are variants of Android Trojan malware that download next-stage malware from the same set of IP addresses that have been involved in supply chain attacks in the past.”
The worst part is that the average user doesn't really know how to find or remove such software from these TV boxes, the researchers say. For them, the best solution would be to simply replace the devices with something more trustworthy. According to the researchers, users should demand a higher standard from sellers and look more closely at the equipment they buy.
“They are not allowed to sell children’s toys made of spinning razor blades, why should small, unknown vendors be allowed to sell malicious computers without the knowledge or consent of the owners?” he concluded.
By: TechCrunch