Security News > 2023 > January > Android TV box on Amazon came pre-installed with malware
A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware.
The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.
While analyzing the DNS request in Pi-hole, Milisic discovered that the device was attempting to connect to several IP addresses associated with active malware.
Milisic believes the malware installed on the device is 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017.
These inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability.
Even if most e-commerce sites have policies to prevent selling devices pre-loaded with malware, enforcing these rules by scrutinizing all electronics and confirming they're free of sophisticated malware is practically impossible.
News URL
Related news
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)
- SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- Russian army targeted by new Android malware hidden in mapping app (source)