SECURITY NEWS – Last week, I wrote an article about some brands/models of mini PCs selling with pre-installed malware. As a result of that article, two mini PCs that we reviewed here on The Gadgeteer were found to have malware installed. That prompted a new rule for the team to do malware scans for any mini PCs, laptops, and desktop PCs that we review and add the results of those scans in the review itself.
Now, another security issue has come to light; this time, it is with Android devices like Android phones, tablets, TV boxes, etc. One of our readers commented on a recent Android TV review with a link to an article from Tom’s Guide where malware was found on some Android TV boxes because the devices were not Google Play Protect certified. The article linked to a page on Google talking about why this certification is important. You can read about it here. But the TL;DR version of the article is that when Android devices are not Google Play Protect certified, they may not be secure. The article goes on to provide the simple steps necessary to test if a device is certified. Even more info can be found on this page at Android.com.
Just like mini PCs, we’ve also reviewed quite a few third-party Android devices, so once again, I sent an email to the team asking them to check whether their recently reviewed Android devices are Play Protect certified. Many weren’t.
We found one Android device that was exhibiting dangerous behavior!
During our testing, we found one device that was not only uncertified but was also exhibiting some concerning behavior that was flagged as such by Julian’s Netgear Orbi 960 wireless router. The device is the Mecool KM7 Plus Android TV box. Julian had it hooked up to a TV, but it wasn’t powered on. When he powered it on, the following alerts immediately showed up on his phone from his router:
A quick Google of the logic-loom.net website gave me this info:
Another search/scan of the other website gave me this:
You might be wondering what this type of behavior can do. Why does a device visiting a website even matter? I’ll admit that I used to think that way. The problem is that these sites can potentially data mine your account information for various apps and use your user ID and login info to back door into services to get your payment info and potentially use that info to steal your identity, among other things.
I want to make it clear that just because an Android device is not Google Play Protect certified, that does not mean that it actually has malware installed or that it will try to steal your info. This information is provided so that you can do your due diligence to keep your information safe.
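For readers whose router does not raise alerts like the ones described above, the same kind of check can be run against DNS query logs. This is an added example, not part of the original article: it assumes dnsmasq-style query logging, and the watched.example domain, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# logic-loom.net is the domain named in the article. "watched.example" is a
# placeholder (assumption) standing in for any other domain you want to watch.
WATCHLIST = {"logic-loom.net", "watched.example"}

# dnsmasq "log-queries" line: "<date> [host] dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dnsmasq\[\d+\]: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$"
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def on_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watched domain or a subdomain of one (label-wise)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def flag_queries(log_lines, watchlist=WATCHLIST):
    """Return {client_ip: [(timestamp, name), ...]} for watched lookups."""
    hits = defaultdict(list)
    for line in log_lines:
        m = QUERY_RE.match(line.strip())
        if m and on_watchlist(m["name"], watchlist):
            hits[m["client"]].append((m["ts"], normalize(m["name"])))
    return dict(hits)

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = """\
Mar 14 19:02:10 dnsmasq[812]: query[A] connectivitycheck.gstatic.com from 192.168.1.57
Mar 14 19:02:11 dnsmasq[812]: query[A] logic-loom.net from 192.168.1.57
Mar 14 19:02:11 dnsmasq[812]: reply logic-loom.net is 203.0.113.10
Mar 14 19:02:15 dnsmasq[812]: query[AAAA] Logic-Loom.NET. from 192.168.1.57
Mar 14 19:02:16 router dnsmasq[812]: query[A] cdn.watched.example from 192.168.1.57
Mar 14 19:03:40 dnsmasq[812]: query[A] notwatched.example from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    for client, events in flag_queries(SAMPLE_LOG).items():
        for ts, name in events:
            print(f"{ts}  {client}  looked up  {name}")
```

Matching is done label by label, so a subdomain of a watched domain is flagged while a name that merely ends in the same characters is not.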
Devices we have reviewed that aren’t Play Protect certified:
Boox Tab Ultra C Pro – ePaper tablet
Boox Tab mini C – ePaper tablet
Boox Page – eReader
MECOOL KM7 – Android TV box
Devices we have reviewed that are Play Protect certified:
Mecool KM2 Plus Deluxe Android TV box
Oukitel RT7 Titan Android tablet
I want to say once again that just because a device isn’t Google Play Protect certified, it doesn’t mean that the device will have malware installed on it. But, I thought it would be for everyone’s benefit to include testing in our future Android device reviews to let buyers know one way or another about an Android device’s Play Protect certification status.
We had/have a basic 4k LCD LG TV. 38-42″ range, I don’t remember. It was an early model running WebOS, that we bought to keep in the basement for the in-laws when they visited, so it got very little use. One day our network was UNGODLY slow so I started digging in my network setup. Immediately I found that TV had over 10,000 (the max allowed by my router per device) outgoing connections to thousands of random IPs. It had been compromised and joined a massive botnet. I attempted factory reset, firmware updates, but after a few days it will always go back to being a naughty tv. LG’s response was basically “Sorry that device is End of Life, here is a Coupon for another TV from us”.
The crazy thing is even if I don’t set up networking on the TV, it WILL JOIN any open wifi within range and continue its evil deeds. It’s impressive malware tho, brilliantly written. We no longer have that TV in the basement, it’s been moved to my workshop up on the rafters as my tester display, I also snipped the wifi antenna so it’s pretty harmless now.
We have a larger/new LG OLED, it’s hard wired, had it 2-3 years now, no issues thankfully.
Madness!
Good morning, I would like to know if I can get any updates in regards to Malware, Viruses and such things like this. I have an older Google Pixel 3XL, and it says that there are no more updates for my phone. Do you have any information on how I can get an update for my phone? Any information that you could direct my way would be greatly appreciated!
Thank you, Respectfully
Leslee MacDonald
ro*******@ms*.com
Leslee, unfortunately you will no longer be able to receive firmware updates for that phone since Google is no longer supporting it.
I have a MECOOL KM2, it too was attempting to connect to suspicious domains after a firmware update.
It’s quite disappointing to see this considering it was Google Certified at least, running real Android TV, unlike the low tier AliExpress no-name boxes that run some hacked up version of Android.
I’ve used ADB to purge what seems to be the responsible app based on Reddit posts, and no more suspicious requests have been observed.