Thousands of owners of cheap Android TV devices face an unexpected threat. Nobody buying a set-top box for streaming television expects it to arrive infected with malware or to start communicating with servers in China as soon as it is turned on. Yet that is exactly what awaited many unsuspecting owners.
In January, security researcher Daniel Milisic discovered that a cheap Android TV box called the T95 was infected with malware out of the box. That was only the beginning. This week, Human Security disclosed new details about the scale of the infected devices and the hidden network of fraud schemes connected to them.
Researchers from Human Security found seven Android TV boxes and one tablet with pre-installed backdoors. According to them, up to 200 different Android device models may be affected. In addition, the company reports that it has shut down advertising fraud related to the scheme, which probably financed the operation.
Gavin Reid, who leads the Satori Threat Intelligence and Research team at Human Security, compared these devices to a “Swiss army knife to perform bad actions on the Internet.” He added that the company has shared information with law enforcement agencies about the places where these devices may have been manufactured.
The Human Security study is divided into two parts: Badbox, which covers the compromised Android devices and their role in fraud and cybercrime, and Peachpit, which covers related advertising fraud involving at least 39 applications for Android and iOS. Google has already removed the applications following the Human Security study, while Apple reports problems in several of the reported applications.
Notably, cheap Android TV boxes, usually priced at less than $50, are sold both online and in retail stores. These devices often carry no brand or are sold under different names, which makes it hard to determine their origin.