Infection corrals devices running AOSP-based firmware into a botnet.
Gee, I bought this cheap made in China Android TV thing off Ali express, and I just can’t figure out how this backdoor got in here…
Oop… They got my printer now.
And my axe!
RethinkDNS (available on F-Droid) has a mode where it blocks every connection by default and you have to allow each app to access the network. I used that to effectively disable the pre-installed malware on my Android TV box (X88 Pro iirc). It also has DNS and connection logs to check network traffic (can be a lot though). GlassWire (Play Store) is nice to quickly check for an unexpected amount of network traffic. Not sure if there’s ways around that, but it worked in my case a while ago.
These tools look amazing. Thanks for sharing.
Here’s a link for those interested: https://rethinkdns.com/
The logs are searchable by app, IP , and domain, so that helps a lot.
I have a MiBox, I wonder if its vulnerable
this is a nothing-burger. the same “article” from days ago, rehashing the same bullshit, quoting a totally unknown security researcher firm (that, conveniently, also sells some turd that’s gonna rid you of this scourge) with zero details, followed with less than zero fact checking from arse technica, like how did they establish the 1.3 milsky number, the “infection” vector and other similarly “unimportant” shit.
portals like the mentioned arse thing are hungry for content and are willing to publish any old thing that even resembles quality content. keep your eyes open, your wits about you, and question everything.