Thousands of Android (streaming) devices come with unkillable backdoor preinstalled

androidtate@lemdro.id to Android@lemdro.id – 117 points
Thousands of Android devices come with unkillable backdoor preinstalled
arstechnica.com

It's not like these Android boxes are killer deals either.

This is the best summary I could come up with:


This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.


The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!

I like how they say that only people with technical skills can remediate this malware, but many of these boxes are very cheap; I've seen them on AliExpress for $15 or so.

To replace the firmware is about a 1-hour task following online guides.

So if being cheap is your primary objective, it's definitely not off the table to buy these boxes; just know that when you buy them, your first task, before they are ever connected to the network, is to reflash them.

Did they just discover the LTT video about this from a couple months back?

Not really the same thing.

The LTT video (which was started by the same report as the Wired article Ars reproduced) attempts to talk more deeply about what's on the boxes.

The linked article, however, talks about the further investigations that took place into the C2 service behind these boxes, and what steps were taken to try and stop them.