Google has officially responded to reports of malware coming pre-installed in some popular Android TV boxes. We previously reported that security researchers confirmed boxes sold by AllWinner and RockChip came with malware that functioned as clickbots, but could be made to push any payload the authors desired. In Google’s response, they note that the Android TV boxes in question aren’t actually running the Android TV OS, but the mobile Android OS with a modified interface.
“We have recently received questions regarding TV boxes that are built with Android Open Source Project and are being marketed to appear as Android TV OS devices,” Google’s statement reads. “Some of them may also come with Google apps and the Play Store that are not licensed by Google, which means that these devices are not Play Protect certified. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified.”
The following was originally published May 23, 2023:
Security researchers have confirmed that popular Android TV boxes sold by Chinese brands AllWinner and RockChip come shipped with malware. The boxes in question have sold in huge quantities on Amazon and other popular retailers, and experts are now advising consumers to throw them away.
By default, the malware shipped on the boxes acts as a clickbot that continually clicks on ads in the background, unbeknownst to the user, to generate money.
“But because of the way the malware is designed, the authors can push out any payload they like,” security researcher and discoverer of the malware in question, Daniel Milisic, told TechCrunch. This means the malware could be used for any number of malicious purposes, including cyberattacks, stealing information, and DDoS attacks.
Milisic’s discovery was independently verified and confirmed by EFF security researcher Bill Budington. The two concluded that since there is no easy way for the user to remove the problematic software, the best course of action would be to dispose of the infected unit.
TechCrunch reports that several models from the two companies come preloaded with malware, including the AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.