An Android TV box shipped with malware pre-installed that monitors network traffic and downloads further malicious payloads. The low-cost box, sold as the T95 and built around an AllWinner T616 processor, was bought by a security researcher from Amazon in the US; the same model is also sold on AliExpress and by other retailers.

The discovery was made by researcher Daniel Milisic, who bought the device to put it through security testing. During the analysis he found what appears to be a variant of CopyCat, an Android malware family circulating since 2017 and used mainly in ad-fraud campaigns. On this box, however, the code appeared to be used to log the device's connections and to fetch additional malware.

The initial analysis showed repeated connection attempts to IP addresses that appear on threat-intelligence blocklists associated with malware distribution. Deeper inspection then revealed several layers of components that monitor the device's network traffic and report it to remote servers, along with attempts to fetch additional payloads from three malicious domains.


Malware that monitors traffic and can download further threats was found in the T95 TV box; the recommendation is that users apply the mitigations or stop using the device (Image: Disclosure / AllWinner)

Milisic also noticed that ADB, the Android Debug Bridge, was left enabled and reachable over the network (Ethernet or Wi-Fi) rather than only over USB. ADB gives anyone who can reach it a shell on the device, with the ability to run commands and install packages. The NAT and firewall on a typical home router block inbound connections from the internet, so the service is not directly exploitable from outside; it does, however, remain reachable from any other device on the same local network, such as a compromised phone or laptop.

Even so, it is yet another open door in a product sold directly to consumers, many of whom have no technical background and simply connect the device to their network to watch content. Traffic data and personal information could be exposed, and the download capability could be used to install cryptocurrency miners or other malware on the device.
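The ADB exposure described above is something you can check for from another machine on the same LAN. The following is an added example, not code from the original article or from Milisic's repository: it speaks just enough of the ADB wire protocol to send a CNXN handshake and classify what answers, so it distinguishes a real adbd (which replies CNXN, or AUTH when key authentication is on) from some unrelated service that happens to listen on the port. The port number 5555, the message layout and the CNXN/AUTH constants are ADB's standard ones; the loopback "fake adbd" used by demo() is constructed here purely so the example runs offline without a TV box.

```python
"""Probe hosts on the LAN for an Android Debug Bridge daemon exposed over TCP.

Added example for this article, not the researcher's mitigation script. The
protocol constants are ADB's own; the loopback listeners in demo() are a
constructed stand-in for adbd so the code runs with no device on the network.
"""
import ipaddress
import os
import socket
import struct
import threading
from concurrent.futures import ThreadPoolExecutor

ADB_PORT = 5555              # adbd's default TCP port when "ADB over network" is enabled
A_CNXN = 0x4E584E43          # b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541          # b"AUTH"
ADB_VERSION = 0x01000000     # protocol version carried in CNXN arg0
MAX_PAYLOAD = 4096           # largest payload we accept, carried in CNXN arg1
HEADER_LEN = 24


def adb_message(command: int, arg0: int, arg1: int, payload: bytes = b"") -> bytes:
    """Encode one ADB message: six little-endian uint32 fields, then the payload."""
    checksum = sum(payload) & 0xFFFFFFFF      # ADB's data_check is a plain byte sum
    magic = command ^ 0xFFFFFFFF              # bitwise complement of the command word
    header = struct.pack("<6I", command, arg0, arg1, len(payload), checksum, magic)
    return header + payload


def parse_header(raw: bytes):
    """Return (command, arg0, arg1, data_length) for a valid ADB header, else None."""
    if len(raw) < HEADER_LEN:
        return None
    command, arg0, arg1, length, _check, magic = struct.unpack("<6I", raw[:HEADER_LEN])
    if magic != command ^ 0xFFFFFFFF:         # wrong magic: the peer is not speaking ADB
        return None
    return command, arg0, arg1, length


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or fewer if the peer closes the connection first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_adb(host: str, port: int = ADB_PORT, timeout: float = 2.0) -> str:
    """Classify host:port as 'closed', 'open-not-adb', 'adb-auth' or 'adb-noauth'.

    'adb-noauth' is the dangerous case: adbd answered our CNXN with its own CNXN,
    meaning no key authentication, so `adb connect host:port` yields a shell.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                           # refused, unreachable, or connect timed out
        return "closed"
    with sock:                                # create_connection already set the recv timeout
        try:
            sock.sendall(adb_message(A_CNXN, ADB_VERSION, MAX_PAYLOAD, b"host::\x00"))
            raw = _recv_exact(sock, HEADER_LEN)
        except OSError:                       # reset, or silent until timeout: open but not adbd
            return "open-not-adb"
    header = parse_header(raw)
    if header is None:
        return "open-not-adb"
    if header[0] == A_AUTH:
        return "adb-auth"
    if header[0] == A_CNXN:
        return "adb-noauth"
    return "open-not-adb"


def scan_lan(network: str, port: int = ADB_PORT, timeout: float = 1.0, workers: int = 64) -> dict:
    """Probe every host in a CIDR block; returns {ip: verdict} for ports that were not closed."""
    hosts = [str(h) for h in ipaddress.ip_network(network, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda h: (h, probe_adb(h, port, timeout)), hosts))
    return {h: r for h, r in results if r != "closed"}


def _fake_adbd(reply_command: int) -> int:
    """Constructed loopback stand-in for adbd: answers one connection with one header."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                # ephemeral port, so the demo never collides
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)                   # swallow the client's CNXN
            payload = os.urandom(20) if reply_command == A_AUTH else b"device::\x00"
            conn.sendall(adb_message(reply_command, 1, MAX_PAYLOAD, payload))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> dict:
    """Run probe_adb against three constructed loopback cases (no real device needed)."""
    auth_port = _fake_adbd(A_AUTH)
    noauth_port = _fake_adbd(A_CNXN)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                             # nothing listens there any more
    return {
        "auth-required": probe_adb("127.0.0.1", auth_port),
        "no-auth": probe_adb("127.0.0.1", noauth_port),
        "nothing-listening": probe_adb("127.0.0.1", closed_port),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:>18}: {verdict}")
```

On a real network, call probe_adb("192.168.1.50") with the box's address, or scan_lan("192.168.1.0/24") to sweep the segment (the address ranges are placeholders). An "adb-noauth" verdict means anyone on the LAN gets a shell with `adb connect <ip>:5555` and can run `adb shell pm list packages` to inventory what is installed; that is the exposure the article describes, and the same access is what the researcher's mitigation guides rely on to disable the malicious components.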

The researcher also points out that the malware cannot be removed by ordinary means: even a full factory reset does not get rid of it, which is what you would expect of code shipped in the firmware image rather than installed as a user app. He published a script that disables the malicious components, together with mitigation guides that rely on ADB access over the network or over USB.

For users who are not comfortable with tools of this kind, however, the main recommendation is to stop using the product. When buying streaming devices, or any other connected product, stick to certified resellers and well-known brands, so that a cheap device does not end up costing more. It is also worth securing the home Wi-Fi with a strong password and keeping routers and connected appliances updated, which closes off the most common attack vectors.

Read the article on Canaltech.
