Popular Android TV Box is Infected With Malware, Researchers Warn

A popular Android TV box, AllWinner T95, powered by China-based company AllWinner and RockChip, is being sold on Amazon infected with malware.

That’s not the only one infected; rather, the affected models include T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.

These affordable and highly customizable devices can launch coordinated cyberattacks, posing a significant threat to unsuspecting users.

The news came to light when Daniel Milisic, a security researcher, made a startling discovery about these TV boxes. Later, the findings were also confirmed by Bill Budington, an EFF security researcher.

How This Android TV Box Malware Functions

Milisic purchased an AllWinner T95 set-top box last year and found that the firmware of the device was infected with malware, allowing it to communicate with command and control servers.

Further investigation revealed that his device was part of a larger botnet consisting of thousands of other infected Android TV boxes worldwide.

The malware embedded in these devices primarily functions as a click bot, generating ad revenue by clicking on ads in the background.

Once powered on, the malware establishes contact with a command and control server, receiving instructions and additional payloads for carrying out ad-click fraud.

However, as Milisic points out, the malware authors possess the capability to push out different payloads at any given time, raising concerns about the potential for more malicious activities.

Such botnets, consisting of compromised devices, are employed for various malicious purposes, such as cryptocurrency mining, data theft, or launching distributed denial-of-service (DDoS) attacks.

While the exact scale of this particular botnet remains unclear, Budington describes it as “an impressive and unsettling operation.”

How To Protect Yourself

So, is there any way that you can get rid of the malware if you are still using the device?

Unfortunately, the answer is no.

According to security researchers, removing the malware from these devices is not a straightforward task for the average user.

Milisic and Budington recommend that “users should consider replacing the compromised devices entirely.”

While giving his statement to TechCrunch, Milisic emphasizes the need for “retailers like Amazon to be held to higher standards, questioning why small, unknown vendors are allowed to sell malicious devices without the knowledge or permission of the owners.”

However, when approached for comment, Amazon spokesperson Adam Montgomery declined to address whether the company reviews the security of the devices it sells or if it plans to remove the affected devices from its platform.

The fact that even big companies like Amazon are not taking their consumers’ security into account while selling such devices suggests that robust security measures are not given the priority they deserve.
