T95 Android TV boxes sold on Ozone, Wildberry and Joom marketplaces may have pre-installed viruses. This was reported to socialbites.ca by Group-IB digital forensics expert Igor Mihaylov.
In early January 2023, Canadian information security (IS) researcher Daniel Milishic said Amazon and AliExpress were selling T95 set-top boxes from an unknown manufacturer that contained a pre-installed backdoor and a virus that could allow attackers to track users. It turned out that the same set-top boxes are also sold on the Russian markets. Information security experts believe that T95 devices made available to Russians may also have pre-installed viruses and backdoors.
“The chances of Milisic being unlucky alone are low. As a rule, devices of unknown Chinese manufacturers have one or another malicious functionality. “There is a very high probability that STBs bought by the Russians are also infected with malware.”
The Group-IB expert also explained that the device manufacturer is usually the beneficiary in the set-top box virus boot plan. Due to the low prices of set-top boxes like the T95, to increase their marginality, devices are injected with malware at the manufacturing stage, allowing them to monetize after sales.
“This is done [монетизация] “By showing ads, automatically registering new accounts, using devices in DDoS attacks, installing miners, and so on.”
Learn more about malicious features found in popular Android TV boxes in the material “socialbites.ca”.
Source: Gazeta
Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.