If you have already bought an Android deco on Amazon or if you were thinking of buying one, it is important that you are aware of the security alert that has been issued. From the network comes a notice that indicates that models with processors from certain manufacturers have malware preloaded from the factory. And the bad news is that these are not decos that go unnoticed, but some of them are among the most popular at the moment.
Go quickly to see what is the processor of your Android deco if you have one of them. The chip manufacturers RockChip and AllWinner have been marked in a security advisory that has been circulating in recent hours with which the spotlight is placed on these Chinese brands. Devices using its components are hugely popular on Amazon and their positive reviews number in the thousands. But to everyone’s surprise, these devices are being sold with preloaded malware that users are unaware of.
Danger in Chinese decos
The malware that is being found on these devices is not exactly something to be calm about. This is a type of infection that can cause your Android deco to be used remotely by hackers with the intention of connecting your machine to thousands of others and thus carry out cyberattacks and fraud. It is, therefore, a serious problem to which all kinds of people who have decided to purchase one of these products are being exposed.
While it is unknown how the malware was preloaded, whether it was a bug, or just some crazy plan to have controllable devices scattered around the world, there is no doubt that these deco, sometimes they are too cheap not to have fine print. Both the models with the AllWinner processor and those with the RockChip are characterized by having a low price and, at the same time, offering so many customization possibilities that they are irresistible. With them you can unify your streaming platforms and take advantage of a very dynamic environment.
This is how the malware was discovered
The first notice of what seemed to be happening was given by a security specialist named Daniel Milisic when he purchased the AllWinner T95 and discovered that it had malware pre-installed. But he was not satisfied and wanted to know what exactly was happening. Thus he discovered that the device was connected to control servers waiting to receive remote orders. Investigating further, he came to verify that his Android deco was just one of the thousands of devices that were connected to the same botnet. The surprise was greater when seeing that these terminals were distributed throughout the world.
Unfortunately, digging into his discovery led him to find more and more about the malware. Something that he has verified is that it is a clickbot-type virus, which means that it is constantly clicking on ads without you knowing anything. Once you connect the device for the first time, the malware makes the connection to the control center, receives its orders and starts generating advertising clicks. However, that is only the base, since the possibility of remotely controlling the deco means that hackers can implement other processes and plans to earn money at your expense.
Although in the case of Milisic he contacted the Internet provider that was hosting the control center he had detected, and that led to his removal, the user is clear that the botnet in question can return at any time with a new one. facility. These networks of devices connected to each other with malware have the main objective of obtaining funds in different ways, be it mining cryptocurrency, with advertisements or other fraudulent systems.
The problem is that, as the expert has mentioned, it is not easy to remove malware from the deco unless with advanced knowledge. He directly recommends throwing it away. In his opinion, stores like Amazon have to raise their standards and make sure that these types of devices are not sold. At the moment, neither RockChip nor AllWinner have commented on the matter.
