Be wary if you have or are buying an Android box to plug into your TV. Most cheap Chinese models are infected with dangerous factory-installed malware!


Android boxes need no introduction: these small, practical and very popular boxes connect to the television and the local home network (via Ethernet or Wi-Fi) to give access to streaming platforms, connected services and many applications. On the shelves of online stores such as Amazon or AliExpress, or at traditional high-tech resellers, major brands like Xiaomi, Toshiba, Nvidia and Thomson rub shoulders with much less well-known brands offering Android TV boxes at far more attractive prices, less than 50 euros. And while few external features distinguish them from the brand-name models, the difference lies at the heart of their components. Indeed, as revealed by a study carried out by Human Security, an American company specializing in cybersecurity, most of these low-cost boxes carry malware that is invisible to ordinary users. And the malware is installed during manufacturing!


Android TV box: at least 200 models infected with malware

Human Security researchers managed to identify at least 200 Android TV box models infected with this arsenal of malware, which they called BadBox. More than 74,000 affected devices have already been spotted around the world. The malware appears to be installed at the factory in the devices' firmware so that it cannot be easily dislodged. “Unbeknownst to the user, when one plugs in this device, it connects to a command and control (C2) system in China, downloads a set of instructions, and starts doing a bunch of bad things,” Gavin Reid, one of the researchers behind the discovery, told the American site Wired.

What are the hackers after? First of all, generating big revenues through advertising fraud. This involves making advertisers believe that their ad has been seen by millions of visitors, when in fact software robots (bots) nestled in these devices are imitating human behavior. But that’s not all. BadBox also lets its operators create fake email or messaging accounts to artificially generate new users. Through backdoors, hackers can also set up proxies to hijack web traffic and sell access to your home network. This way, illicit activities can be traced back to your home. Clever. Finally, these infected boxes also give hackers the opportunity to install other malicious apps without your knowledge and take control of the box and its activity on the Web. Not very reassuring.

The T95Z Plus box sold for less than 40 euros is infected by BadBox © Amazon

BadBox-infected Android TV boxes are generally sold for between 20 and 50 euros, carry unfamiliar, exotic names and promise great features and quality. They have nothing in common with the models produced by major brands and certified by Play Protect, the verification and protection system set up by Google. Human Security researchers have confirmed the presence of BadBox in seven Android TV boxes (T95, T95Z, T95MAX, X88, Q9, X12PLUS and MXQ Pro 5G) and even in an Android tablet, the J5-W. But these models are available under multiple names on online stores.

If you have such a device, unfortunately there is not much you can do unless you are an expert in computers and coding. Since the malware is embedded in the device’s firmware, a simple reset of Android is not enough to remove it. The recommendation is to get rid of the device and switch to a well-known brand benefiting from Google’s Play Protect certification.
