Inexpensive and popular Android TV streaming gadgets based on chip sets manufactured in China are reportedly arriving laced with malware out of the box after delivery from online retailers including Amazon.
The devices, marketed under brand names like T95Max, RockChip X12 Plus and RockChip X88 Pro 10, are based on system-on-a-chip hardware from AllWinner and RockChip.
Reports about cheap Android mobile devices being infected with malware aren't necessarily new, but the problem seems to have also quietly proliferated to the TVOS side of Google's business, with security researchers uncovering connected TV gadgets loaded with malware and ready to coordinate cyberattacks.
As first detailed by TechCrunch, Ontario, Canada-based IT pro Daniel Milisic published last year on GitHub his experience with a T95, which has a four-star rating on Amazon amid 744 reviews.
Milisic said the device began connecting out of the box with a botnet network of thousands of other infected Android TV gadgets around the world. The device, he said, immediately sought out a command and control server, which downloaded additional malware to his gadget.
The malware enabled the T95 to begin conducting ad-click fraud, clicking on ads in the background.
In his GitHub post, Milisic published the script he used to "defang" what he described as a "no good, awful, nasty little ARM-powered TV/hobby box."
Milisic's findings were confirmed by Electronic Frontiers Foundation security researcher Bill Budington in this report.
In an email to Next TV Friday, Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said that in addition to ad fraud, the malware could be used to mine user data or cryptocurrency, among other malfeasance.
Next TV's query Friday to Google Android TV reps for a response wasn't immediately replied to.
