Security News > 2023 > January > Android TV box on Amazon came pre-installed with malware
A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware.
The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.
While analyzing the DNS request in Pi-hole, Milisic discovered that the device was attempting to connect to several IP addresses associated with active malware.
Milisic believes the malware installed on the device is 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017.
These inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability.
Even if most e-commerce sites have policies to prevent selling devices pre-loaded with malware, enforcing these rules by scrutinizing all electronics and confirming they're free of sophisticated malware is practically impossible.
News URL
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)