Usually, when we buy an electronic device, we assume that it arrives new and free of threats. So we connect it, log in with our accounts and start using it. However, we must bear in mind that this is a very valuable opening that hackers, who look for the slightest opportunity to infect users with malware, will not pass up. And a new way to do it is through devices such as TV Boxes, which we can buy in any store, such as Amazon.
A TV Box is a device designed to be connected to the TV that runs an operating system (usually Android) with which to interact. These types of devices are widely used to, for example, install streaming apps, such as Netflix or HBO, use Kodi on TV, install games, and even turn them into a retro console. Given that these devices have an operating system that is so easy to infect, such as Android, and that they also generally run obsolete, modified versions that are impossible to update or manage, they become the perfect Trojan horse to infect users.
How a virus works on an Android TV Box
A group of security experts has detected threats in one of the best-selling Android TV Box models on Amazon and other stores, such as AliExpress: the T95 with the AllWinner T616 processor. It is not yet known whether the threat is hidden only in a specific model or whether it is present in all models with this CPU.
In the case analyzed, the devices hid malware called CopyCat, previously seen in other adware campaigns. This threat connects to ad servers and displays ads to users. It also has other features that allow the malware to receive connections from a remote control server, for example, to carry out DDoS attacks.
The malware has been given root permissions and is highly persistent, making it very difficult both to detect and to remove. In this particular case, the security researcher has shared a script to block this threat, though it will only work on T95 devices with the CopyCat adware.
How to avoid falling into the clutches of hackers
Most of these threats come from devices that have been developed and configured in countries like China. They are generally sold much cheaper than the competition because the hackers' main source of income is going to be something else: hidden malware.
If we have bought a device of this type, we can use DNS control software to check whether it makes suspicious connections to servers located in China or other countries. We can also try a factory reset of the device or even, if one is available online, flash a clean ROM to remove the threat.
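One way to do the DNS check described above, as an added example that is not part of the original article: the script reads a dnsmasq-style query log (the format Pi-hole writes) and lists the domains the TV box asked for that fall outside a list the owner expects. The log lines, IP addresses, domains and the expected-suffix list are all constructed for illustration.

```python
import re
from collections import Counter

# dnsmasq / Pi-hole query line: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[([^\]]+)\] (\S+) from (\S+)")

# Constructed sample log; IPs and domains are placeholders, not real indicators.
SAMPLE_LOG = """\
Jan 10 03:12:01 dnsmasq[812]: query[A] time.android.com from 192.168.1.50
Jan 10 03:12:04 dnsmasq[812]: query[A] api.netflix.com from 192.168.1.50
Jan 10 03:12:09 dnsmasq[812]: query[A] ads.tracker-one.example from 192.168.1.50
Jan 10 03:12:10 dnsmasq[812]: query[A] www.wikipedia.org from 192.168.1.23
Jan 10 03:13:09 dnsmasq[812]: query[AAAA] ads.tracker-one.example from 192.168.1.50
Jan 10 03:14:09 dnsmasq[812]: query[A] cmd.update-node.example from 192.168.1.50
Jan 10 03:14:10 dnsmasq[812]: reply time.android.com is 203.0.113.7
Jan 10 03:15:09 dnsmasq[812]: query[A] ADS.tracker-one.example. from 192.168.1.50
"""

# Suffixes the owner expects this box to contact (assumed; adjust per household).
EXPECTED_SUFFIXES = ("android.com", "netflix.com", "googleapis.com")

def is_expected(domain, suffixes=EXPECTED_SUFFIXES):
    """True if domain equals an expected suffix or is a subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)

def unexpected_domains(log_text, client_ip, suffixes=EXPECTED_SUFFIXES):
    """Count queries from client_ip to domains outside the expected suffixes."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group(3) != client_ip:
            continue  # not a query line, or another device on the network
        domain = m.group(2).lower().rstrip(".")  # normalise case and trailing dot
        if not is_expected(domain, suffixes):
            counts[domain] += 1
    return counts.most_common()  # most frequently queried first

if __name__ == "__main__":
    # 192.168.1.50 stands in for the TV box's address on the home network.
    for domain, n in unexpected_domains(SAMPLE_LOG, "192.168.1.50"):
        print(f"{n:4d}  {domain}")
```

Running it while the box sits idle is the most telling: repeated lookups for names unrelated to any installed app are the ones worth investigating or blocking at the DNS server.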
Finally, choosing safe and reliable devices, such as a Chromecast, an Amazon Fire TV, a Xiaomi or a Roku, will save us a lot of trouble.