"Popular Android TV Boxes Sold on Amazon Are Laced With Malware"

AllWinner and RockChip are China-based companies that power several popular Android TV boxes sold on Amazon. These Android-powered TV set-top boxes are typically inexpensive and highly customizable, incorporating multiple streaming services into a single device. Their listings on Amazon have collectively accumulated thousands of positive reviews. However, security researchers say the devices are sold with malware capable of initiating coordinated cyberattacks.

Daniel Milisic purchased an AllWinner T95 set-top box last year and found that the chip's firmware was infected with malware. Milisic discovered that the set-top box was communicating with command-and-control (C2) servers and awaiting further instructions. His ongoing investigation, which he published on GitHub, revealed that his T95 model connected to a botnet composed of thousands of malware-infected Android TV boxes. According to Milisic, the default payload of the malware is a clickbot, which is code that generates ad revenue by secretly tapping on advertisements in the background. When the infected Android TV boxes are powered on, the preloaded malware contacts a C2 server, obtains instructions on finding the malware it needs, and pulls additional payloads to the device that carry out ad-click fraud. Milisic explained that due to the malware's design, its creators can distribute any payload they want.

Bill Budington, an EFF security researcher, independently validated Milisic's findings after purchasing an affected device from Amazon. Several other AllWinner and RockChip Android TV models, including the AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10, are also preloaded with the malware. This article continues to discuss the popular Android TV boxes being sold infected with malware.

TechCrunch reports "Popular Android TV Boxes Sold on Amazon Are Laced With Malware"


 

Submitted by Anonymous on