Cheap Android TV boxes on Amazon feature Malware, cites a new report

Share

Most of the readers must have seen cheap Android TV boxes on sale across online retailers such as Amazon, and even some might have bought those out of curiosity. However, according to a new report on TechCrunch (Via Daniel Milisic), these kind of boxes are carrying malware which are capable of launching coordinated cyberattacks.

Android TV 12 is now officially out, but there's a catch

Must See: Xiaomi TV Stick 4K Officially Launched: Supports AndroidTV 11 and AV1

Especially, the AllWinner and RockChip Android TV boxes have been found operating ad-click fraud besides providing the users some exciting features at cheap rates. These boxes have massive sales on Amazon due to their highly customizable firmware that allows streaming multiple services, which are usually paid for and used separately via different devices.

Cheap Android TV boxes on Amazon feature Malware, cites a new report

Android TV Boxes malware – Modus Operandi

As per Daniel Milisic, who owns the AllWinner T95 set-top box a last year and later found that it was infected with malware. The set-top box was communicating with command and control servers leading to ad-click fraud. Upon further introspecting the issue, he found that his set-top box was connecting to a larger botnet of malware-infected Android TV boxes.

Interestingly, the malware carried clickbot as the default payload and was clicking ads behind the curtains. The malware gets active once the power is supplied, and starts awaiting the command from the control server. The complex design of malware easily allowed the preparators to push any payload easily.

Confirming the findings by Daniel Milisoc, the EFF security researcher Bill Budington suggested “throwing the box out altogether”, as it is quite complex to fix it by a normal user.

Upon confirmation about the botnets, and aggregating appropriate proofs, Daniel contacted the company which was hosting the control servers. the company took notice and shit down the ad-click malware servers.

However, as per Milisic and Budington, these botnets can always come back in any other form. So it is always advised to buy items after rigorous thinking.

Related: Advertisements on Google TV and Android TV becoming more frequent and diverse

AllWinner and RockChip didn’t comment on the situation, meanwhile, Amazon declined to confirm any inspection being done on such products before selling them.

Simranpal Singh
Simranpal Singh
With a decade-long journey in the tech industry, I've been actively engaged in tech reporting across various reputable publications. He is Web Developer by profession at RightNode Media and pursues his hobby of writing on GChromecast Hub. Enjoy travelling, and always excited about new tech trends. He actively contributes on GizmoChina and GoAndroid.

Read more

Local News

Xiaomi TV Box S (3rd Gen) Unveiled: Powerful Processor & Enhanced Features

Xiaomi revealed its next streaming TV box on its global website. The name of a new streaming box is Xiaomi TV Box S (3rd...

Thomson Streaming Box Plus 270 runs on Google TV Launched in Europe

Thomson launched the new 4K Streaming Box Plus 270 based on Google TV launched in Europe. It will give tough competition to Google TV...

Plex no Longer Offers Free Remote Playback, Raises the Plex Pass Price

Plex is a media server platform that is used to organize, stream, and access the personal collection of content that includes movies, songs, etc....

Google TV Streamer Update code reveals Backlight Remote Support, New remote is coming?

Google is planning a backlit remote with Google TV Streamer in the future. Google TV Streamer got the first software update of 2025 a...