Chinese tech giants AllWinner and RockChip may not be household names, but their impact is felt through the widespread popularity of Android TV boxes available on Amazon. These affordable and highly customizable devices have revolutionized home entertainment, packing multiple streaming services into one device.
According to TechCrunch, the boxes carry commendable ratings and positive reviews and have become a go-to choice for budget-conscious consumers.
Daniel Milisic, an unsuspecting buyer, purchased an AllWinner T95 set-top box, only to discover that its firmware was infected with malicious software. Upon closer inspection, Milisic realized that the Android-powered device was surreptitiously communicating with command and control servers, eagerly awaiting instructions.
Taking his investigation further, Milisic unveiled a shocking truth: his T95 model was just one cog in a vast botnet composed of thousands of infected Android TV boxes scattered across the globe. The default payload of the malware, according to Milisic, is a clickbot: insidious code designed to generate revenue by clandestinely clicking on ads in the background. He uploaded his findings to GitHub.
Coordinated Cyberattacks: Preloaded Malware Exploits Android TV Boxes
Once the compromised Android TV boxes are powered on, the preloaded malware swiftly establishes contact with a command and control server, retrieving instructions on where to locate additional payloads that carry out ad-click fraud. Milisic emphasized that the flexible design of the malware allows its creators to unleash any payload of their choosing, amplifying the potential danger.
The credibility of Milisic's findings was subsequently validated by Bill Budington, a security researcher at the Electronic Frontier Foundation (EFF), who independently acquired an infected device from Amazon.
Further investigations revealed that several other AllWinner and RockChip Android TV models, including the AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10, were also preloaded with the same insidious malware.
The Threat of Botnets: A Network of Compromised Devices
Botnets, vast networks comprising compromised devices ranging from hundreds to millions in number, present a significant threat. Their operators can harness these networks for various malicious activities, such as cryptocurrency mining, data theft, or launching debilitating distributed denial-of-service (DDoS) attacks that inundate websites and servers with excessive traffic, rendering them inaccessible.
To combat the broader botnet, Milisic appealed to the internet company hosting the command and control servers, urging them to take action. As a result, the servers hosting the ad-click malware were eventually taken offline. However, Milisic cautioned that the botnet could resurface with new infrastructure, underscoring the persistent challenge of tackling these evolving threats.
Disposing of Compromised Devices: The Harsh Reality for Affected Users
Unfortunately, rectifying the issue is far from simple for average users. Milisic and Budington suggest that affected individuals may have to discard their compromised devices altogether.
When approached for comment, Amazon spokesperson Adam Montgomery declined to disclose whether the company conducts security reviews of the devices it sells or if it plans to remove the malware-infected products from its platform. Requests for comment from AllWinner and RockChip went unanswered.