Malware is said to be pre-installed and active in the “T95 Android TV box” Android TV box available on several e-commerce sites. It is therefore better to be careful with this kind of boxes.
If your television is not yet smart, you are surely one of the people who have fallen for an Android TV box. These boxes do not all cost the same price, and sometimes you want to opt for the cheapest, but be careful, it’s not always a good idea.
A system administrator in Canada had a bad surprise after buying an Android TV box from the T95 brand on Amazon. Daniel Milisic says he bought this box precisely because it is relatively simple and inexpensive, and because it is available on several online platforms with good feedback. Howeverthe latter came with pre-installed malware.
Read also – Best 4K TVs under Android TV 2022: which model to buy?
He finds malware preinstalled on his Android TV box
While setting up his box, Daniel eventually found a suspicious process running that was communicating with an external command and control (C2) server. After receiving several alerts from his in-house DNS system, he realized that once connected to the Internet, the box would try to connect to hundreds of different domains and multiple IP addresses, supposedly from remote control systems.
The administrator concluded that the box was infected with a modified version of CopyCat, a malware Android discovered in 2017, which has infected more than 14 million Android devices in the market since its appearance.
It seems that this box is available around 40 euros in several models on Amazon. We therefore strongly recommend that you do not buy it. The copy ordered by the administrator is probably the most recent, one running Android 10. However, the ROM has been heavily customized by the manufacturer. This version is already obsolete, since Google launched Android TV 13 a few weeks ago, a minor update that mainly contains changes for developers.
