Security News > 2023 > January > Android TV box on Amazon came pre-installed with malware
A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware.
The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.
While analyzing the DNS request in Pi-hole, Milisic discovered that the device was attempting to connect to several IP addresses associated with active malware.
Milisic believes the malware installed on the device is 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017.
These inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability.
Even if most e-commerce sites have policies to prevent selling devices pre-loaded with malware, enforcing these rules by scrutinizing all electronics and confirming they're free of sophisticated malware is practically impossible.
News URL
Related news
- PixPirate Android malware uses new tactic to hide on phones (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- SoumniBot malware exploits Android bugs to evade detection (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)