SECURITY NEWS – Yesterday, one of our readers sent me an email that said:
Some of the Chinese mini-pcs you are recommending are shipping with spyware factory installed, according to Tom’s Hardware. Just thought you should know.
I replied back asking for the link to the article, which was: Mini PC maker ships systems with factory-installed spyware — AceMagic says issue was contained to the ‘first shipment’. To say that I was concerned after reading this article would be an understatement because we have reviewed a LOT of mini PCs over the past year or two, and more than a few of them are from Ace Magic, Ace Magician, and Kamrui, which are the brands specifically mentioned in the article where people have found pre-installed spyware.
I immediately emailed everyone on the Gadgeteer team to inform them about this critical issue and asked the writers who have reviewed mini PCs to scan them to see if malware could be found on their review samples. Since the Tom’s Hardware article mentioned that Ace Magic responded about the problem, saying that only the first batch of units had this issue and that they “fixed” it, I was hoping that there were just a few units and that the ones we reviewed didn’t have any issues. Wishful thinking…
As the day progressed, my writers responded with the results of malware scans of various mini PC brands that we’ve reviewed, and here are the results so far. Note that we haven’t scanned every mini PC we’ve ever reviewed, but here are the ones that we have scanned so far. I’m starting with the mini PCs where we did find malware.
KAMRUI CK10 Intel 12th gen mini PC (review by Julian Perry) – FAILED malware scan/INFECTED
We just posted this mini PC review last week! Julian scanned it with Total AV scanning software ($19.99 per year purchase that can be used on three different machines) and was greeted with this alert:
Julian was able to remove the malware using the same Total AV software. The review has been marked with a warning.
ACEMAGIC AD08 Intel Core i9-11900H Mini PC (review by Matt Gregersen) – FAILED malware scan/INFECTED
This is another relatively newly posted review from December 2023. Matt found the same ENDEV.exe malware on this machine using the Microsoft Defender scanning software. The review has been marked with a warning.
The following is a list of mini PCs that we’ve scanned that are clean and passed the scans:
Ace Magician Intel i5 12th-Gen Mini PC (review by Julian Perry) – PASSED malware scan
-Scanned with Total AV.
AceMagic AX15 laptop (review by Howard Sneider) – PASSED malware scan
-Scanned with Microsoft Defender, Malwarebytes and AVG.
Beelink SEi12 mini PC (review by Julian Perry) – PASSED malware scan
-Scanned with Total AV.
GEEKOM Mini PC IT13 (review by Greg Cleveland) – PASSED malware scan
-Scanned with AVG Free and Microsoft Defender.
Blackview MP80 mini PC (review by David Sheneman) – PASSED malware scan
-Scanned with AVG Free.
Blackview MP80 mini PC (review by Kenneth Woodham) – PASSED malware scan
-Scanned with Malwarebytes and AVG Free.
XULU mini PC (review by Kenneth Woodham) – PASSED malware scan
-Scanned with Malwarebytes and AVG Free.
Geekom AS6 mini PC (review by Matt Gregersen) – PASSED malware scan
-Scanned with Microsoft Defender.
Geekom A5 mini PC (review by Matt Gregersen) – PASSED malware scan
-Scanned with Microsoft Defender.
Geekom IT-12 mini PC (review by Howard Sneider) – PASSED malware scan
-Scanned with Microsoft Defender, Malwarebytes and AVG.
Acemagic AX16 Pro mini PC (review coming soon) – PASSED malware scan
-Scanned with Malwarebytes and AVG.
Future mini PC reviews on The Gadgeteer
I have instructed everyone on the Gadgeteer team that going forward, any reviews for mini PCs, laptops, and desktop PCs will include a mandatory section where we give the device a pass or fail grade after doing a malware scan.
Update 2/26/24
I received this email from Acemagic in my inbox today:
Hi Julie,
Hope this email finds you well. We noticed you recently published an article about our brand AceMagic PC with a Concerning Security Issue. We appreciate your forbearance while awaiting the outcomes of our inquiry and the ensuing resolution. Currently, we are addressing a recent solitary virus occurrence involving a specific lot of minicomputers.
Upon meticulous examination, it was revealed that our software developers, in an effort to enhance user experience by reducing initial boot time, made adjustments to the Microsoft source code, including network settings, without obtaining software digital signatures (A digital signature is an electronic, encrypted, stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered), and the RGB lighting control software was also without one. This oversight led to isolated reports of virus-infected mini PCs manufactured before November 18, 2023.
We are treating this issue with the utmost seriousness and are actively taking affirmative steps to address it. We have now issued a statement on the official AceMagic website, which outlines a comprehensive resolution to the problem. You may access more information regarding this matter on our official website by clicking on this link: https://www.acemagic.com/blogs/about-ace-mini-pc/acemagic-mini-pc-virus-incident-comprehensive-resolution-and-future-security-measures
How to remove the MiniPC Bladabindi and Redline malicious software in just three steps to eliminate the malware?
Find the model that matches your computer, and download the antivirus application to your computer desktop.
Open your computer and select your computer system C drive to find the OsVer folder directory and open it. Drag and drop the ENDEV security application you downloaded into the Osver file directory. The system will prompt you to choose whether to replace the target file “ENDEVexe,” then select replace.
Right-click on Windows 11 “Start,” select and click on the “Settings” application, click on the “Privacy & security” section on the left side of the page. Under the Windows Security category, click the Windows Security button. On the Windows Security page, you will see “Virus & threat protection,” click to enter this page, and click the “Quick Scan” button to wait for the scan results. Finally, you will see the prompt “No current threats” on your computer.
More details please check this link to learn how to remove the malware: https://www.acemagic.com/pages/drivers-downloads
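One way to script the pass/fail scan described above, together with a check for the unsigned software mentioned in the vendor's e-mail (an added example, not code from The Gadgeteer or Acemagic). It assumes Microsoft Defender is the active antivirus and an elevated PowerShell session; the default folder C:\OsVer is taken from the removal steps quoted above, and the parameter names are this example's own.

```powershell
# Added example: pass/fail malware triage for a newly unboxed Windows PC.
# Run from an elevated PowerShell session with Microsoft Defender active.
param(
    # Assumption: C:\OsVer is the folder named in the vendor's removal steps;
    # add any other vendor utility folders you want checked.
    [string[]]$Folder = @('C:\OsVer'),
    [ValidateSet('QuickScan', 'FullScan')]
    [string]$ScanType = 'FullScan'
)

# 1. Refresh definitions (skipped silently if the unit is kept offline), then scan.
Update-MpSignature -ErrorAction SilentlyContinue
Start-MpScan -ScanType $ScanType

# 2. Read Defender's detection history. On a factory-fresh unit any entry counts.
$detections  = @(Get-MpThreatDetection)
$threatNames = @(Get-MpThreat | Select-Object -ExpandProperty ThreatName -Unique)

# 3. List executables whose Authenticode signature is missing or invalid.
#    Unsigned does not mean malicious; these are files to inspect by hand.
$unsigned = @(foreach ($dir in $Folder) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
            Get-AuthenticodeSignature |
            Where-Object { $_.Status -ne 'Valid' }
    }
})

# 4. Grade on detections only and report the unsigned files alongside.
[pscustomobject]@{
    Grade         = if ($detections.Count -eq 0) { 'PASS' } else { 'FAIL' }
    ScanType      = $ScanType
    Detections    = $detections.Count
    ThreatNames   = $threatNames -join ', '
    FlaggedPaths  = ($detections.Resources | Sort-Object -Unique) -join '; '
    UnsignedFiles = $unsigned | ForEach-Object { '{0} [{1}]' -f $_.Path, $_.Status }
}
```

A PASS here means only that Defender reported nothing on disk; it does not cover firmware or anything the installed definitions do not recognize.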
*** YIKES ***
FWIW… We purchased a specialty printer with printer-specific drivers and editing software included on a USB flash drive (everything sourced from China via Alibaba). We installed the software on a standalone PC and were alerted that the software was riddled with viruses and spyware. I recommend using a computer NOT connected to any other servers/PCs to install and test your software.
I have used quite a few of these mini PCs for various purposes like HTPC or for browsing, editing etc.
I have never used the installed Windows OS, not even started it up.
Always install my favourite Linux distro, with verified checksum and never a problem.
Yes I am still vulnerable to firmware alterations but these are rare and need quite some more skills on the attacker’s side.
Also do not assume that the list of mini PCs above that pass the virus scan are “safe”. Keep scanning and checking.
Thanks for giving this due diligence and reporting what you found. It definitely gives one pause when considering price vs security.
First thing you do on any new PC – mini, gaming, OEM or beige box is delete all the partitions and scratch the OS.
I’m sorry to run you up the flag pole after this but it’s kinda odd that you’ve never AV scanned a single device that you’ve ever reviewed? It must be sheer luck that you haven’t lost all your personal & financial details up to now. After this I would hope that at the very least that you’ve now scanned your entire office & home networks. Then there’s every device that has ever been attached to it that needs checking too. If this is how so-called experts handle security no wonder things are so bad.
Most if not all Mini PCs are made in China. Infected BIOS or UEFI are not uncommon in China. With state-sponsored attacks against the U.S., trust is low. China sending spy balloons and getting shot down by U.S. military, the AI ban on NVIDIA chips exported to China, the list goes on. Any motherboard manufacturer has access to the BIOS and firmware. Any 3rd party reseller has access to the BIOS and firmware, and often modify it with a custom splash screen and that’s another attack vector. You may feel inclined to buy a barebones PC, feel confident that replacing the SSD, RAM, and OS insulate you from attack. If you ignore the motherboard and where it’s made, the rest is little reassurance of a clean system. Infected BIOS of itself is of little value, but when the virus pivots into the kernel, that’s when the infected code takes shape, communicates with the attacker’s server, and becomes active in stealing passwords, key logging, and so forth. The U.S. Government CHIPS Act is a step in the right direction. We need to make hardware at home, as our foreign adversaries can no longer be trusted. That’s why the U.S. Military has custom hardware and custom software that isn’t reliant on foreign parts. Our civilian assets however have become more vulnerable to China and it’s showing… Buy American or else.