“In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W. (Some of these have also been identified by other security researchers looking into the issue in recent months).”
edit this is the v4 of the title of this post. I’m not accustomed to editorializing or de-editorializing posts. I believe that the brand names involved were fairly trivial to the discussion of escalating malware cyberoperations especially if they are state sponsored. Earlier versions of the title were mischiefously incendiary. I apologize for that.
Edit: OP fixed their title! Thanks OP! The original title was worded to state that Apple TVs were pre-installed with malware, which is not true. The rest of this comment can be ignored now but I’ve left it for reference:
OP’S headline is a lie and should be taken down or modified.
There are no Apple devices preloaded with malware or backdoors in this article.
Human Security’s research is divided into two areas: Badbox, which involves the compromised Android devices and the ways they are involved in fraud and cybercrime. And the second, dubbed Peachpit, is a related ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed the apps following Human Security’s research, while Apple says it has found issues in several of the apps reported to it.
The same security firm that found the malware on the cheap Chinese ANDROID ONLY boxes, separately found android and ios apps which are security risks (and need to be downloaded manually). The firm reported the apps to both Google and Apple. Both companies are dealing with the reports appropriately.
Thank you. No hatred toward anyone involved, but the first question is whether I’m affected and this provides a clear answer
Why does this headline say “AND Apple”?
Because there are some iOS apps implicated, I assume. It’s definitely misleading, if you buy one of the tv boxes they talk about in the article you are almost certainly getting malware, if you buy an appletv even used, the chance it has malware that would survive a clean reinstall is minuscule.
Honestly, it’s an easy way to get upvotes with this community. A lot of people will upvote it without reading it, much less thinking critically about it for half a second.
This article does NOT say Apple is shipping hardware with badbox / peachpit preinstalled.
It does look like some shady apps got submitted to Apple’s App Store and were committing Ad Fraud. Moreover, it looks like the Android Badbox devices are kind of toast, unless you’re up for totally reinstalling new firmware.
https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf
If you bought a name brand streaming device, and only installed popular well known apps from their marketplaces, you’re properly fine.
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!
