With the advent of streaming, the de facto medium for modern TV entertainment, Android TV boxes have proven to be an effective way to enhance an old TV with smart, internet-driven features.
There are many different types of smart TV boxes available overseas and in South Africa, but some of the most trusted brands, such as the Apple TV set-top box, are too expensive for many consumers.
This price focus tends to lead customers to buy cheaper, lesser-known brands, especially since some of these brands have the ability to stream pirated content.
But researchers have discovered that many of these devices have a surprisingly high prevalence of malicious software, or malware.
“Your device is infected with malware that, without your knowledge or permission, is constantly trying to find C2 servers, upload ‘telemetry’ and wait for commands. It comes with the device directly from the retailer you ordered it from,” computer security researcher Daniel Milisic, who examined the operating systems of his AllWinner H616/H618 and RockChip 3328 set-top boxes, stated with emphasis in his GitHub repository.
Milisic contributes to a number of GitHub repositories where researchers and modders around the world share their findings on security vulnerabilities in various devices and test them for malware.
Sophisticated botnet
Another TV box, called T95, contained malware that hijacked users' computing resources and internet connections and served as a node for a sophisticated ad fraud botnet. Once connected, the device silently runs background software that clicks on ads on various websites, fraudulently giving paying advertisers the impression that their content is getting more views than it actually is.
Human Security, a company specializing in identifying and eliminating international fraud syndicates, reported in October 2023 that its Satori team had disrupted the Badbox botnet operation, an ad fraud syndicate operating out of China. At its peak, Badbox was processing 4 billion fraudulent ad requests per day, according to the security research firm.
“The China-based Bad Box business sold off-brand mobile devices and connected television equipment through popular online retailers and resale sites,” Human Security said in a statement. “These Android devices were preloaded with known malware called Triada. When the devices were powered on or plugged in, they called home and several fraudulent ‘modules’ were remotely installed. One of them was an ad fraud module called Peach Pit. This cybercriminal enterprise did not discriminate. It was aimed at consumers around the world in both the private and public sectors.”
According to a report in Wired, the Triada malware used by Badbox was first identified by Kaspersky in 2016. Advertising fraud is not the only type of crime associated with this software. Other methods used by cybercriminals include residential proxy services (where syndicates sell access to users' home networks), the creation of fake email and social media accounts, and remote code installation.
Milisic and colleagues identified specific files containing malware, including the now infamous “core java” folder on Android TV boxes. Attempts to remove the malicious software from devices like the T95 have mostly proven unsuccessful, as it is nearly impossible to find clean versions of the custom Android OS builds they use. Many “successful” removals turn out to be flawed after a while, and experts believe that the operating system files identified as malware are not the only ones present in the system; other, more deeply hidden files may also be present.
“After a failed search for a clean ROM, I set out to remove the malware in a last-ditch effort to make the T95 easier to use. I used ‘tcpflow’ and ‘nethogs’ to monitor traffic and identify layers of malware. We discovered the layer above, traced it to the offending process/APK (Android package file), and removed it from the ROM. The final piece of malware that we were unable to track appears to be injected into system server processes and embedded deep into the ROM. This is quite sophisticated malware,” Milisic said. – © 2024 News Central Media
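The approach Milisic describes, watching per-process traffic and tracing a suspicious connection back to the package that owns it, can be turned into a simple detector. The script below is an added example, not code from the article or from Milisic's repository. It assumes per-process connection records in the form "timestamp process remote_host:port" (roughly what a monitor such as nethogs shows), a constructed sample log with placeholder host names, and a small allowlist of hosts the owner expects the box to talk to. It flags a process as beaconing when it contacts a non-allowlisted host repeatedly at near-constant intervals, which is the "constantly trying to find C2 servers" pattern quoted above.

```python
"""Beaconing detector over per-process connection records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "epoch_seconds process remote_host:port".
# Host names and package names are placeholders, not real indicators.
SAMPLE_LOG = """\
1000 com.android.vending play.example-store.test:443
1005 com.example.mediacenter cdn.example-video.test:443
1060 com.example.telemetry c2.example-bad.test:8080
1120 com.example.telemetry c2.example-bad.test:8080
1180 com.example.telemetry c2.example-bad.test:8080
1240 com.example.telemetry c2.example-bad.test:8080
1300 com.example.telemetry c2.example-bad.test:8080
1310 com.example.mediacenter cdn.example-video.test:443
1400 com.example.mediacenter cdn.example-video.test:443
2100 com.example.mediacenter cdn.example-video.test:443
"""

# Hosts the owner expects the box to contact (assumed, constructed for the sample).
ALLOWLIST = {"play.example-store.test", "cdn.example-video.test"}


def parse_log(text):
    """Turn log lines into (timestamp, process, host, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, remote = line.split()
        host, port = remote.rsplit(":", 1)
        records.append((int(ts), proc, host, int(port)))
    return records


def find_beacons(records, min_hits=4, max_cv=0.2, allowlist=ALLOWLIST):
    """Return (process, host, port) tuples that show periodic contact.

    A destination is reported when the same process reaches it at least
    `min_hits` times and the coefficient of variation (stddev / mean) of the
    gaps between contacts is at most `max_cv`, i.e. the timing is regular.
    Allowlisted hosts are skipped so legitimate update/CDN traffic is ignored.
    """
    times = defaultdict(list)
    for ts, proc, host, port in records:
        times[(proc, host, port)].append(ts)

    findings = []
    for (proc, host, port), ts_list in times.items():
        if host in allowlist or len(ts_list) < min_hits:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            findings.append({"process": proc, "host": host, "port": port,
                             "hits": len(ts_list), "interval_s": round(avg, 1)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['process']} -> {f['host']}:{f['port']} "
              f"every ~{f['interval_s']}s ({f['hits']} hits)")
```

On the sample, only com.example.telemetry is reported: it contacts one host every 60 seconds, while the media app's irregular, allowlisted CDN traffic is ignored. The process name is an Android package name, so the next step in Milisic's workflow, locating the APK that owns it, can be done with `adb shell pm path <package>` (a standard Android command; the package name here is a placeholder).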