I know you have seen them: Android TV boxes promising access to the newest and greatest shows and movies for FREE! Just buy this Android TV box, plug it in and enjoy! Right? Wrong!

In a video released by Linus Tech Tips, over 50% of all Android TV boxes that promise free access to content contained some form of malware or backdoor. 50% of the boxes attempted to connect to and initiate downloads from super sketchy websites immediately upon being connected to a network. Some of these boxes were connecting to “firmware over the air” sites, but as Linus pointed out, the IP addresses of those sites were hosted in China, which has lax regulations on file hosting, so there’s no way to tell if they are even legit.

Another tech YouTuber, DesktopEcho, had their TV boxes contact all sorts of wild sites on setup, which then attempted to download and dump payloads into the CoreJava directory, a directory found on over 50% of these Android boxes. This directory appears to be related to CopyCat, yes, the Android CopyCat. CopyCat can root your device, so it’s basically open season for that malware’s capabilities. The worst part is that more than half of these Android boxes seem to be running the same or a similar OS and also appear to have been manufactured by the same company, although this claim cannot be proven without flying to China and checking out the factories of each company. Linus and his team also went as far as trying to re-flash the OS onto the devices, but most of the time they were unable to find the OS and files needed. With the ones they did find, they hit the same issue as with the firmware over the air connections: they could not verify the files, and they ended up with the same OS, with the same CoreJava directory, attempting to dump the same payloads. (I am including another resource here for people to see how much damage the CopyCat malware did.)

The biggest problem with connecting this rooted device to your home network is that it immediately contacts outside sources and gives them a way in. This is what’s called a foothold, and it is used for what is called “lateral movement” through your network and devices. The device gives an attacker a sure way in, with your network credentials already in hand. That would make accessing other devices on the network extremely easy for someone with a bit of skill. It is worth noting that some of these devices did not attempt to make any such connections or to download any payloads, but they DID still contain the same CoreJava directory, which just means that it could lie dormant on your network until it’s needed for a botnet or some other nefarious use. All of these devices came pre-rooted as well, so the sketchiness is just there all around.
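If you want to see this first-contact behavior on your own network, here is one way to check it from router logs. This is an added example, not something from either video: it assumes your router runs dnsmasq with query logging turned on, the log lines are constructed, and the allowlist and the five-minute window are my own choices. A box that stays dormant, like the ones mentioned above, will not show up in this report.

```python
import re
from datetime import datetime, timedelta

# Constructed dnsmasq log lines (not captured from a real device).
SAMPLE_LOG = """\
Jan 10 12:00:01 dnsmasq-dhcp[412]: DHCPACK(br-lan) 192.168.1.50 aa:bb:cc:00:00:01 tvbox
Jan 10 12:00:03 dnsmasq[412]: query[A] ota.firmware-host.example from 192.168.1.50
Jan 10 12:00:04 dnsmasq[412]: query[A] time.android.com from 192.168.1.50
Jan 10 12:00:09 dnsmasq[412]: query[A] payload-cdn.example from 192.168.1.50
Jan 10 12:00:10 dnsmasq[412]: query[A] www.example.org from 192.168.1.20
Jan 10 12:09:00 dnsmasq[412]: query[A] late-lookup.example from 192.168.1.50
"""

# Assumption: domains you expect a clean streaming box to resolve.
ALLOWED_SUFFIXES = ("android.com", "google.com", "gstatic.com")

LEASE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) dnsmasq-dhcp\[\d+\]: DHCPACK\(\S+\) (\S+) (\S+)")
QUERY = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)")

def _ts(text):
    # syslog timestamps carry no year; pin one so parsing is unambiguous
    return datetime.strptime("2024 " + text, "%Y %b %d %H:%M:%S")

def _allowed(domain):
    return any(domain == s or domain.endswith("." + s) for s in ALLOWED_SUFFIXES)

def first_contact_report(log_text, window_seconds=300):
    """Map each newly leased MAC to the non-allowlisted domains it
    resolved within window_seconds of getting its first DHCP lease."""
    leases = {}   # ip -> (mac, time of first lease)
    report = {}   # mac -> unexpected domains, in the order first seen
    for line in log_text.splitlines():
        m = LEASE.match(line)
        if m:
            when, ip, mac = _ts(m.group(1)), m.group(2), m.group(3)
            if mac not in report:          # later DHCPACKs are renewals
                report[mac] = []
                leases[ip] = (mac, when)
            continue
        m = QUERY.match(line)
        if m and m.group(3) in leases:
            mac, leased = leases[m.group(3)]
            age = _ts(m.group(1)) - leased
            domain = m.group(2).lower().rstrip(".")
            if timedelta(0) <= age <= timedelta(seconds=window_seconds) \
                    and not _allowed(domain) and domain not in report[mac]:
                report[mac].append(domain)
    return report
```

Plug the new box into an isolated or guest network, run `first_contact_report` over the router log, and look at what the device resolved before you ever touched the remote.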

Another big problem with these devices that Linus and his team found was that almost none of them actually contained the hardware that was listed on the spec sheets. Some of them were running only a couple hundred megabytes of RAM compared to the 4 GB promised, and a good portion of the ones claiming 4K streaming were not even able to display images and video higher than 720p. Some did stream in 1080p, but that seems irrelevant when 4K was promised. When Linus and his team opened these boxes, the chips were clearly stamped with fake information to appear to be what the spec sheets claimed, but they were not. Most of the time they were much weaker chips, or the actual specs could not be found at all. Overall, from the threat of malware and backdoors to fake hardware specifications and fake hardware itself, these boxes are just a bad idea. I would never use one of these devices after watching the video. It is best to steer clear of any Android TV box that is promising free access to media, especially in high resolutions. If you really want an Android TV box, check out the Nvidia Shield and similar boxes, as those are true 4K streaming boxes with access to video games and tons of other entertainment. When stuff like the Shield exists, buying cheap Android TV boxes and risking your entire home network is just a terrible idea. Do your research and be smart. As always, much love – Binx