In an age where technology is deeply ingrained in our daily lives, you wouldn’t expect that purchasing a TV streaming box would result in a cybersecurity nightmare. Yet this is the harsh reality that many unsuspecting users of cheap Android TV devices have faced.
Daniel Milisic, cybersecurity researcher, made a surprising revelation at the beginning of the year. He discovered that the Android TV T95 streaming box, sold at an affordable price, contained malware as soon as it left the factory. This information had made the rounds in the cybersecurity community, and several experts subsequently corroborated these results. However, the truth that emerged was far more sinister than anyone had anticipated.
Indeed, the cybersecurity company Human Security has made alarming revelations about the scale of this malicious intrusion and the complex network of fraudulent maneuvers linked to these Android TV devices.
Your Android TV box may be full of malware
Human Security’s investigation revealed the existence of seven Android TV boxes and a tablet, all infected by apparently indestructible backdoors. What’s even more worrying is the discovery of indicators that suggest that more than 200 different models of Android devices could be susceptible to being infected with this malware.
Note that all of the offending boxes use Android Open Source Project (AOSP) instead of Google TV or Google-certified Android TV, such as Nvidia Shield or Chromecast. The problem is because AOSP is open source. The researchers note that Badbox malware is preloaded on Android TV devices made in China before they are shipped to retailers.
Once the devices are plugged in, the malware connects to a C2 server in China. To put it simply, it then retrieves a set of instructions that inform it of the malicious activities it should execute on the device. These activities include advertising fraud, the creation of fake WhatsApp and Gmail accounts, the sale of access to home networks and the installation of remote codes.
To make matters worse, Human Security discovered the existence of an advertising fraud network closely linked to these schemes, a network likely responsible for financing these criminal operations. Here are all the references of the suspect boxes: T95, T95Z, T95MAX, X88, Q9, X12PLUS and MXQ Pro 5G, and finally a tablet called J5-W.