An Android TV box sold on Amazon was found to be secretly loaded with malware, according to a Canadian systems administrator who purchased the device.
In posts on GitHub and Reddit, Daniel Milisic warns about the T95 Android TV Box, which he bought a few months ago on Amazon. The product, which also uses the Allwinner H616 chip, is currently being sold on Amazon and AliExpress, starting at about $40.
Milisic noticed something was off when the box's Android 10 OS was signed using test keys and had the Android Debug Bridge open, giving anyone access to it via Ethernet and Wi-Fi.
The T95 Android TV Box Milisic bought. (Credit: Milisic/Amazon)
He then ran the ad-blocking software Pi-hole over the device, which revealed the various internet domains the TV box was trying to connect to. “That's how I discovered just how nastily this box is festooned with malware,” Milisic wrote, later adding: “The box was reaching out to many known, active malware addresses.”
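An added example, not taken from Milisic's posts or from Pi-hole itself: the per-device DNS review described above, run over Pi-hole's dnsmasq-style query log. The log lines, client IP, domains and blocklist are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# dnsmasq query line as logged by Pi-hole, e.g.
# "Jan 10 21:14:03 dnsmasq[812]: query[A] host.example from 192.168.1.50"
QUERY_RE = re.compile(r"query\[[^\]]+\] (?P<domain>\S+) from (?P<client>\S+)$")

def domains_for_client(log_lines, client_ip):
    """Count DNS lookups made by one client, keyed by normalized domain."""
    counts = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line.strip())
        if m and m.group("client") == client_ip:
            counts[m.group("domain").lower().rstrip(".")] += 1
    return counts

def flag_domains(counts, blocklist):
    """Return queried domains that equal, or are subdomains of, a blocklist entry."""
    hits = {}
    for domain, n in counts.items():
        labels = domain.split(".")
        # Test the name and each parent (but not the bare TLD).
        for i in range(len(labels) - 1):
            if ".".join(labels[i:]) in blocklist:
                hits[domain] = n
                break
    return hits

# Constructed sample data: 192.168.1.50 stands in for the TV box.
SAMPLE_LOG = """\
Jan 10 21:14:03 dnsmasq[812]: query[A] ota.tvbox-updates.invalid from 192.168.1.50
Jan 10 21:14:03 dnsmasq[812]: forwarded ota.tvbox-updates.invalid to 192.0.2.53
Jan 10 21:14:04 dnsmasq[812]: query[AAAA] cdn.adclick.invalid from 192.168.1.50
Jan 10 21:14:09 dnsmasq[812]: query[A] cdn.adclick.invalid from 192.168.1.50
Jan 10 21:14:10 dnsmasq[812]: query[A] www.example.com from 192.168.1.23
Jan 10 21:14:12 dnsmasq[812]: query[A] time.example.org from 192.168.1.50
""".splitlines()
BLOCKLIST = {"adclick.invalid", "tvbox-updates.invalid"}  # placeholder entries

if __name__ == "__main__":
    seen = domains_for_client(SAMPLE_LOG, "192.168.1.50")
    for domain, n in sorted(flag_domains(seen, BLOCKLIST).items()):
        print(f"{n:3d}  {domain}")
```

Matching on parent domains matters because blocklists usually list a registered domain while the device queries varying subdomains of it.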
Based on his analysis, the malware operates similarly to the CopyCat Android malware, which can hijack a device to install apps and display ads to try and generate revenue for cybercriminals.
It’s unclear how many T95 Android TV boxes are loaded with the malware. But Milisic’s post contains tips for owners on how to find out if their product is affected. If the TV box contains the folder “/data/system/Corejava” and the file “/data/system/sharedprefs/openpreference.xml,” then the device has been compromised.
His GitHub post goes on to offer a way to partially disable the malware by disrupting its communication path to the hacker-controlled servers. But for non-tech savvy users, the easiest way to address the threat is to pull the plug on the product. In a Reddit post, Milisic said that doing a factory reset simply reinstalls the malware on the TV box.
The incident is a reminder to be careful about buying products from unknown tech brands. Amazon didn’t immediately respond to a request for comment.