Most readers will have seen cheap Android TV boxes on sale at online retailers such as Amazon, and some may even have bought one out of curiosity. However, according to a new report on TechCrunch (via Daniel Milisic), these kinds of boxes carry malware that is capable of launching coordinated cyberattacks.
In particular, AllWinner and RockChip Android TV boxes have been found to run ad-click fraud while offering users attractive features at low prices. These boxes sell in large numbers on Amazon because their highly customizable firmware allows streaming from multiple services that are usually paid for and used separately on different devices.
Android TV Boxes malware – Modus Operandi
Daniel Milisic, who has owned an AllWinner T95 set-top box since last year, later found that it was infected with malware. The set-top box was communicating with command and control servers, leading to ad-click fraud. Upon investigating the issue further, he found that his set-top box was connecting to a larger botnet of malware-infected Android TV boxes.
Interestingly, the malware carried a clickbot as its default payload and was clicking ads in the background. The malware becomes active as soon as power is supplied and then waits for commands from the control server. The malware's complex design allowed the perpetrators to push any payload easily.
Confirming Daniel Milisic's findings, EFF security researcher Bill Budington suggested “throwing the box out altogether”, as fixing it is quite complex for an ordinary user.
After confirming the botnet and gathering appropriate proof, Daniel contacted the company that was hosting the control servers. The company took notice and shut down the ad-click malware servers.
However, according to Milisic and Budington, these botnets can always come back in another form, so it is always advisable to think carefully before buying such items.
AllWinner and RockChip didn’t comment on the situation. Meanwhile, Amazon declined to confirm whether any inspection is done on such products before they are sold.