Select Android TV Streaming Devices Reportedly Sold Loaded with Malware; Is Your Data Affected?

Digital marketplaces are a highly convenient shopping destination for consumers, but hidden dangers can still lurk for online shoppers. Tech Crunch is reporting a new issue customers need to be aware of: popular Android TV streaming boxes from companies AllWinner and RockChip, which are frequently sold on Amazon, come preloaded with malware capable of instigating cyber attacks.

Once connected, these devices communicate with thousands of other similarly-infected streaming players around the world. The default payload is a clickbot used to engage with ads in the background, which means its current function is to commit ad fraud. However, this botnet could also be reprogrammed and used to mine data from users, launch denial-of-service attacks, and more.

The devices in question include:

• AllWinner T95 and T95Max models
• RockChip X12 Plus and X88 Pro 10 models

Bill Buddington, who is a security researcher at the Electronic Frontier Foundation, recently tested the devices following initial reporting from GitHub's Daniel Milisic. Buddington told Tech Crunch that the bot network could reemerge at any time, and it’s hard to know just how big it really is.

“It’s difficult to quantify the scale of this network,” Budington told said. “What we do know is that everywhere we look there are different variants of Android trojan malware downloading next-stage malware from the same set of IPs, ones that have been involved in supply-chain attacks in the past. It’s an impressive and unsettling operation.”

If you find that you own one of the affected devices, Milisic does provide instructions on how to remove the malware from them. But the easiest solution for most consumers would be to simply throw the devices away, and get a trusted streaming player from Roku, Amazon Fire TV or Google that won’t potentially contribute to cyber attacks or illegal data mining operations. Milisic says that retailers must be more informed before allowing potentially dangerous products on their platforms.

“I think the only way to mitigate this problem is to hold retailers to a higher standard,” he told TechCrunch. Referring to online commerce platforms like Amazon, he continued “they’re not allowed to sell children’s toys made out of spinning razor blades, why is it OK to let small, unknown vendors sell computers acting maliciously without owners’ knowledge and permission?”

Although these devices are reportedly not being used to steal information from users as of yet, the risk of such an occurrence remains high. Streaming services are popular targets for cyber attacks because they house personal details about so many people, including payment methods and contact information. Sling TV endured a cyber attack that lasted for weeks this year, and Fubo was hit with an attack during the 2022 FIFA World Cup.

There’s an inherent risk in using your credit card just about anywhere on the internet, but streaming players preloaded with malware are a hazard that no consumer should have to worry about. Nevertheless, users should beware of who they’re buying from, as there are far too many shady companies out there willing to stoop to these tactics to put money in their own pockets.