It was revealed in May 2023 that popular Chinese TV boxes built on mobile Android (AOSP) come preloaded with malware. A new malware botnet has now been discovered.
The new Mirai malware botnet, discovered by Dr. Web's antivirus team and reported by BleepingComputer, targets Android boxes sold through minor and major retailers. There are said to be millions of these boxes in active use.
- "The primary targets of this campaign are low-cost Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes," reported BleepingComputer.
Tanix TX6 and H96 MAX X3
The boxes are not powered by Android TV (or Google TV) certified by Google but instead mobile Android, or Android Open Source Project (AOSP) to be exact.
This allows the manufacturer of the box to modify the software and change the user interface, as opposed to officially licensed Android TV and Google TV boxes that share the same user interface as mandated by Google.
Pre-loaded or from malicious apps
Dr. Web claims that the malware arrives on the boxes in one of two ways: Either pre-loaded by the manufacturer or via malicious apps related to pirated content.
- "In the first case, those firmware updates are either installed by resellers of the devices or the users are tricked into downloading them from websites that promise unrestricted media streaming or better compatibility with a broader range of applications," the report said. "The second distribution channel is pirated content apps that promise access to collections of copyright-protected TV shows and movies for free or at a low fee."
Some of the same boxes – from AllWinner and RockChip – were in May 2023 discovered to come pre-loaded with malware, which is running a clickbot to generate ad money by tapping on ads in the background.
Also read: Google responds to reports of malware in Android TV boxes
Once again, it was advised to only buy and use officially certified Android TV and Google TV boxes such as Chromecast or Nvidia Shield, or to switch to another platform such as Apple TV, Roku or FireTV.
- Source: BleepingComputer
Sign up for FlatpanelsHD's newsletter
The latest news, in-depth articles, reviews, and exclusives in your inbox.