Researchers expose Android TV boxes with a pre-loaded malware variant

Posted on May 11, 2023 at 4:10 PM

Some Android TV boxes sold on Amazon come pre-loaded with malware. The affected boxes are manufactured by AllWinner and RockChip, and the malware comes from the BianLian family, a variant that was under investigation last year.

Android TV boxes on Amazon come with pre-loaded malware

The malware was detected by a cybersecurity researcher known as Daniel Milisic. It installs a botnet on the smart set-top box to launch coordinated attacks. The affected models include AllWinner T95, AllWinner T95Max, RockChip X88-Pro-10, and RockChip X12-Plus.

The researchers analyzed the traffic sent by these devices and discovered several DNS requests for domains publicly known to be botnet Command and Control (C&C) servers.

The researchers have also extracted a Stage-1 payload for this malware and reached out to Linode on the matter. Linode has been hosting some of the C&C servers, and the researchers are exploring ways to shut these servers down.

The researchers also contacted AllWinner on the matter, and the company denied that malware was present on its devices. The company attributed the malicious traffic on its system to the presence of Logcat within its system. The attribution of the malicious activity to Logcat is a matter that is not associated with the malware.

The other Android TV box that the researchers observed to contain malware is the T95 smart set-top box. This box shipped with the Android Debugger accessible over Wi-Fi.

The Android Debugger gives an external party the ability to control a device, issue commands, and install apps on the targeted device. The device firmware was also signed by the hackers using a testing key. Additionally, the company did not provide consumers with any clean or production-ready firmware.

Unable to obtain a clean version of the system firmware, consumers were left in limbo, not knowing the best way to clean their system and eradicate the malware.

Increased usage of Android TV boxes

Android TV boxes have become increasingly popular and widely available, which poses a danger to a vast user base that does not understand the threat. These devices present a threat to consumer networks, security, and the stability of the internet at large.

It is not practical for consumers to conduct thorough security checks on every product they purchase on Amazon. However, there is a need for an intensive vetting process before IoT devices are sold to consumers. One recommendation is for the platform to conduct a basic network analysis, which would discover that these devices communicate with the C&C servers and also have ADB ports that are open to access.
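The basic network analysis described above, and the DNS observation reported earlier in the article, can be sketched as follows. This is an added example, not code from the researchers: the blocklist entries and log lines are constructed placeholders, the log is assumed to be in dnsmasq query-log format, and 5555 is the default ADB-over-TCP port.

```python
import re
import socket

# Constructed blocklist: placeholder names, not the domains from the research.
C2_BLOCKLIST = {"c2-placeholder.example", "update-placeholder.example"}

# Constructed dnsmasq-style query log from a home router (assumed log format).
SAMPLE_LOG = """\
May 11 16:10:01 dnsmasq[412]: query[A] time.android.com from 192.168.1.50
May 11 16:10:02 dnsmasq[412]: query[A] cdn.c2-placeholder.example from 192.168.1.50
May 11 16:10:03 dnsmasq[412]: query[AAAA] www.example.org from 192.168.1.23
May 11 16:10:09 dnsmasq[412]: query[A] UPDATE-PLACEHOLDER.example. from 192.168.1.50
May 11 16:10:11 dnsmasq[412]: query[A] notc2-placeholder.example from 192.168.1.23
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")

def is_blocklisted(name, blocklist=C2_BLOCKLIST):
    """Match the name or any parent domain, on label boundaries only."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def flag_c2_queries(log_text, blocklist=C2_BLOCKLIST):
    """Return {client_ip: sorted list of blocklisted names it looked up}."""
    hits = {}
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_blocklisted(m["name"], blocklist):
            hits.setdefault(m["client"], set()).add(m["name"].lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}

def adb_tcp_open(host, port=5555, timeout=1.0):
    """True if the host accepts TCP connections on the ADB-over-network port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(log_text, probe=adb_tcp_open):
    """For each client with C&C lookups, also record whether ADB is reachable."""
    return {c: {"domains": d, "adb_open": probe(c)}
            for c, d in flag_c2_queries(log_text).items()}

if __name__ == "__main__":
    # Stub the probe so the demo runs offline; drop it to test a device you own.
    print(audit(SAMPLE_LOG, probe=lambda host: False))
```

A device that both looks up blocklisted names and accepts connections on the ADB port matches the two findings the article reports for these boxes.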

The sale of the devices has exposed massive gaps in the public cybersecurity space. The devices in question have been manufactured by third-party vendors that are not popular. The vendors are located in China, and they do not have much reputation to protect.

These brands also operate in a manner that differs from smaller brands. The brands can sell the products at a cheaper price when they cut costs on quality control and the security of the device without harming their reputation.

There is no in-depth security certification for consumer-grade IoT devices. The devices are also available to many users, with buyers left to choose between the price and the information available on Amazon detailing how these devices work and the level of protection offered.

In 2022, the Biden administration unveiled plans to have an ambitious cybersecurity program that is yet to be implemented. The objective of this program is to raise the standards needed for IoT security.

Recently, the CISA Director, Jen Easterly, said that software vendors needed their personal security outcomes for customers. The development shows that the federal government recognizes the serious lapse in consumer-grade cybersecurity systems and the willingness of the government to mitigate the threat posed by software and consumer devices.

These initiatives will create new incentives in the market for companies focused on product security. The government now wants large IoT marketplaces like Amazon to conduct thorough tests on devices before they are launched to the public.
