1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • These popular Android TV boxes are reportedly shipping laced with

    From TechnologyDaily@1337:1/100 to All on Sun May 21 11:30:03 2023
    These popular Android TV boxes are reportedly shipping laced with malware

    Date:
    Sun, 21 May 2023 10:16:06 +0000

    Description:
    Popular TV boxes are being shipped with malware engaged in ad-click fraud.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered two popular Android TV box products are being sold online preloaded with malware .

    The malware generates revenue for the attackers by clicking on ads in the background, without the owners knowledge or consent, according to findings from cybersecurity researcher Daniel Milisic.

    Milisic went to Amazon to buy an AllWinner T95, a popular set-top box with a four-out-of-five-star rating, and countless reviews. The TV box comes with multiple streaming services, can be customized, and is generally considered good value for its relatively low price (around $40 without shipping). Impressive and unsettling

    However, soon after receiving the item, Milisic discovered the tool was communicating with a C2 server and awaiting certain instructions. A deeper investigation showed the device connecting to a wider botnet comprising countless devices all over the world. The instructions were to download stage-two malware which performs ad-click fraud.

    After publishing his findings on GitHub, other researchers chimed in with support, including EFF security researcher Bill Budington, who not only confirmed MIlisics findings, but also said there were other devices doing the same thing. Here are some of the infected devices: AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.

    Milisic reached out to the internet company that hosted the C2 servers and asked for them to be turned off, and the company complied quickly. However,
    he says that nothing is stopping the threat actors to erect a C2 server elsewhere and just continue their operation. Read more

    This dangerous Android malware is seeing a huge rise in infections


    Dangerous new 'Hook' Android malware lets hackers remotely control your
    phone


    Check out the best identity theft protection software right now

    Speaking to TechCrunch , Budington didnt hide his amazement: Its an
    impressive and unsettling operation, he said.

    Its difficult to quantify the scale of this network. What we do know is that everywhere we look there are different variants of Android trojan malware downloading next-stage malware from the same set of IPs, ones that have been involved in supply-chain attacks in the past.

    The worst thing is that the average user doesnt really know how to install,
    or remove, such software from TV boxes, the researchers claim. For them, the best course of action would be to just replace the devices with something of more trustworthiness. For the researchers, he believes they should hold resellers to a higher standard and scrutinize hardware more.

    Theyre not allowed to sell childrens toys made out of spinning razor blades, why is it OK to let small, unknown vendors sell computers acting maliciously without owners knowledge and permission?, he concluded. Here are the best firewalls around

    Via: TechCrunch



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-popular-android-tv-boxes-are-laced-with-m alware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)