Thousands of Android TV devices are infected with this malware

Streaming devices, also known as TV boxes, especially those based on Android TV, have carved out an important space for themselves in the homes of millions of users. However, like any technology, these devices are not free from potential threats and issues. The case of Android TV boxes compromised by Triada is an emblematic example: Ars Technica reports on it and reveals the backstory.

Where malware originates

Last January, the security researcher Daniel Milisic identified an unexpected threat related to the use of a popular Android TV-based streaming device, the T95. Unbeknownst to him, the device was infected with malware directly from the factory, but subsequent findings showed that this was only the tip of the iceberg. Human Security, a company specializing in cybersecurity, unveiled further details, uncovering a vast network of fraud and infected devices.

Investigations conducted by Human Security have explored two distinct problem areas. The first, called Badbox, concerns compromised Android devices and their role in fraud and cybercrime operations. The second, nicknamed Peachpit, concerns a related ad fraud operation involving at least 39 apps on Android and iOS. Google and Apple have both taken action following Human Security's investigations, deleting or modifying the apps involved.

How the Android TV Triada malware was created

The malware, linked to the well-known Triada discovered by Kaspersky in 2016, is installed on devices during an unspecified stage of the production chain in China. As soon as the device is turned on, the malware contacts a command-and-control (C2) server in China, thus initiating a series of operations that are not very clear. All of this happens without the knowledge of the end user, who simply expects to use the device to stream their favorite content.

These devices, often sold online or in physical stores at low prices, act as a kind of “Swiss army knife”, performing a wide range of fraudulent and criminal activities. From ad fraud to creating fake Gmail and WhatsApp accounts, the malicious capabilities of these devices are varied. Access to home networks is also being sold, with criminals claiming to have access to over 10 million home IP addresses and 7 million mobile IP addresses.

How to fix

Despite the proactive action of security companies and authorities, the threats are not completely eliminated. Compromised devices are still in people's homes and on their network. Eliminating malware is difficult without technical skills and, therefore, the wisest advice for those who buy TV streaming boxes is to opt for branded devices, where the manufacturer is clear and trusted.

It is essential that users and technology enthusiasts are always informed and cautiously selective in their purchases, even for Android TV boxes, giving preference to devices that come from reliable brands and manufacturers. As Reid suggests, “Friends don't let friends connect weird IoT devices to their home networks.”

Gianluca Cobucci

Passionate about code, languages and languages, man-machine interfaces. All that is technological evolution is of interest to me. I try to divulge my passion with the utmost clarity, relying on reliable sources and not "on the first pass".
