We are used to talking about new viruses and threats that can affect browsing the Internet, downloading a program or using a platform. But this time it is a physical device. specifically a android tv box they sell on Amazon. They have discovered that it comes with pre-installed virus, something that will undoubtedly affect security and privacy. We are going to explain what exactly it consists of and what you can do to avoid problems.
Android TV Box with virus pre-installed
This malware that comes pre-installed with Android TV Box purchased from Amazon has been discovered by security researcher daniel milisic. He discovered that this device came preloaded with sophisticated malware and that it was embedded in his firmware. But why? Although the reason is not clear, it may be to obtain information from users, such as personal data, execute commands or even be able to control the device.
However, the same researcher who discovered this problem has indicated that most devices of this type are behind a firewall, so it is not easy for them to connect to the device remotely.
It specifically affects the model of Android TV Box T95 which uses a processor AllWinner T616. It is a popular model, widely available on Amazon. It is not clear if it is something generalized or it was something specific to this device that Daniel Milisic bought to carry out different tests. The point is that there are many sellers that offer this product and in many cases it goes through several hands, so anyone could have modified the device.
This security researcher noticed the problem while doing tests. Making a DNS request, he discovered that the device was trying to connect to multiple IP addresses that are associated with malware. There have been similar issues in the past, especially with preloaded adware, affecting devices of this type.
What to do if you have this model
You may have this model of Android TV Box and have doubts about whether it may have a virus within the firmware. The security researcher has created a script to help users to block the malware payload and it is best for you to follow these simple steps that will avoid security and privacy issues.
The first thing is reset device to factory settings. To do this you have to enter the configuration menu and click on Factory reset. That will return the device to the original settings, before any changes they may have made.
Once that is done, the next thing is to connect via USB or Wi-Fi and run the script that Daniel Milisic has created and that you can find available on GitHub. That will cause the potential malware payload to be blocked.
In short, as you can see, they have managed to sneak a device loaded with malware into Amazon. Specifically an Android TV Box T95. Although we are dealing with something isolated, something that is not usual, it shows us once again the importance of buying safely on the Internet. Avoid pages that may be dangerous, check carefully who the seller is and read comments and ratings that can help you.