submitted 11 months ago by MazonnaCara89@lemmy.ml to c/technology@lemmy.ml
[-] yggstyle@lemmy.world 39 points 11 months ago

Can't wait until this spurs the security community into doing a deep look at the roms on these cheap Chinese boards. Yeah the malware was caught - but what's more important is the intent. This is a country that is constantly behind breaches and botnets... and here we have these PCs being marketed as router replacements and mini servers. It doesn't take much to figure out that this is free back door territory.

[-] witx@lemmy.sdf.org 9 points 11 months ago

Yes! I've been telling this to friends who keep buying Chinese boards to use as routers and NAS ... wth

[-] Heratiki@lemmy.ml 3 points 11 months ago

I mean depending on what board you’re using it’s unlikely it’s hardware level snooping that supersedes changing the firmware. Especially if you stick to those that run on open source firmware.

[-] qaz@lemmy.world 9 points 11 months ago* (last edited 11 months ago)

but what’s more important is the intent

Afaik, the problem was a trojan inside the cracked windows images they used to avoid paying for windows keys. I doubt the intent was to create a botnet, it seems more like generic cybercrime.

I personally always wipe the preinstalled OS to avoid issues like this. However, make sure to use a clean image directly from the source. Simply reinstalling from within Windows wouldn't have helped in this case, because the malware was part of the recovery files.

The story originated from a video from the "The Net Guy Reviews" YouTube channel. Most articles I've seen so far oversimplify the issue and/or get facts wrong, therefore I recommend checking out the original video if you want to learn more.

[-] yggstyle@lemmy.world 5 points 11 months ago

Yeah malware is everywhere - This could simply be a product of an individual actor abusing their position in a supply chain.... but this also goes for hardware as well. It is certainly a more difficult vector to attack from but due to its 'level' it's a valuable position to compromise.

[-] sugartits@lemmy.world 16 points 11 months ago

It comes pre installed with Windows, so that's a given isn't it?

[-] qaz@lemmy.world 3 points 11 months ago

Yes, but this type also steals your credentials.

[-] JCreazy@midwest.social 15 points 11 months ago

Remember kids if you're going to buy a Chinese pre-built, wipe that shit before use.

[-] sylver_dragon@lemmy.world 14 points 11 months ago

Remember kids if you’re going to buy a ~~Chinese~~ pre-built, wipe that shit before use.

Always wipe and start fresh. Yes, Chinese brands seem to be worse about security, but there's no reason to keep bloatware and FSM only know what other crapware the OEM installed.

[-] onlinepersona@programming.dev -2 points 11 months ago

Always wipe and start fresh.

NSA is unhappy about this one little trick!

CC BY-NC-SA 4.0

[-] ReversalHatchery@beehaw.org 8 points 11 months ago

To me that always applies, regardless of the manufacturer. Supply chain attacks are a thing, they are not even necessarily targeted. "I'm not interesting enough" does not apply: everyone has contact with other people, mostly everyone has (or will have) voting rights, and some will have authority over other people.

[-] ohlaph@lemmy.world 6 points 11 months ago

Or... don't buy it to begin with.

[-] sugar_in_your_tea@sh.itjust.works 4 points 11 months ago* (last edited 11 months ago)

Yup, I don't trust it to not install a rootkit on the BIOS or something. Buy from reputable companies, and if you get a prebuilt PC, you'll probably want to reinstall Windows to get all of the adware off. If you don't use Windows, you're probably fine with just buying from a reputable vendor.

[-] Gabu@lemmy.ml 2 points 11 months ago

That's what I'm always most paranoid about - buying storage and having some bad actor insert malicious code through unusual means.

[-] sugar_in_your_tea@sh.itjust.works 0 points 11 months ago

Yup, it's not worth saving $20 or whatever to buy a sketchy brand, just buy a well known brand with an image to uphold and you'll be fine.

[-] schizoidman@lemmy.ml 14 points 11 months ago

Kinda low effort when just a windows defender scan can detect it.

[-] Helix@feddit.de 13 points 11 months ago

imagine what they didn't find!

[-] Helix@feddit.de 6 points 11 months ago

Now check the other mini PCs from other random Aliexpress, Banggood, Gearbest and Temu vendors...

[-] bloodfart@lemmy.ml 5 points 11 months ago

These are gonna be a good deal soon.

[-] CaptObvious@literature.cafe 5 points 11 months ago

If anyone is willing to buy them.

[-] bloodfart@lemmy.ml 4 points 11 months ago

That's why they'll be a good deal.

The hardware is the same as several other brands, and none of them have come up bad. Ultimately it really does look like someone either got got on the image they cloned from or maliciously inserted windows spyware into it. Either way it’s nothing a flatten and reinstall won’t fix.

Hell, if the windows keys are legit you don’t even need to use the oem reinstall media.

[-] Gabu@lemmy.ml 4 points 11 months ago* (last edited 11 months ago)

I mean, technically, you can always use hardware, even if it's been bombed to shit with malware. Just never connect it to any sort of network, never transfer files from that PC with bidirectional channels and never use that PC's hardware anywhere else.

[-] CaptObvious@literature.cafe 1 points 11 months ago

LOL! Fair point

[-] fin@sh.itjust.works 2 points 11 months ago

Maybe we should have a working Linux live USB before we buy a new laptop so that we can set it up without connecting it to the home router.

[-] ShortN0te@lemmy.ml 10 points 11 months ago

Does not help when the spyware is embedded in the firmware.

[-] Gabu@lemmy.ml 2 points 11 months ago

Which, I would expect, happens to most of these shitty pcs from no-name Chinese brands.

[-] sugar_in_your_tea@sh.itjust.works 2 points 11 months ago

Probably not most, but it's still a risk that's not worth taking. I'd rather buy from a company with brand image to uphold.

[-] Moonrise2473@feddit.it 1 points 11 months ago

I am not saying that the image is to be trusted, but "Win32/Wacatac.B!ml" is just a generic name for anything obfuscated by vmprotect. Most cracks are detected as "Win32/Wacatac.B!ml"

Also, because it's detected by microsoft defender itself, if they really had a malicious intent, they would have whitelisted those executables in the disk image.
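
The argument above (an OEM shipping malware on purpose would be expected to carve Defender exclusions around it, and the Wacatac hit was only found because it did not) suggests a concrete check for any freshly unboxed Windows prebuilt. The following is an added example written for this thread, not code from the original post, from the vendor, or from "The Net Guy Reviews"; it uses only the built-in Defender cmdlets (Get-MpPreference, Get-MpComputerStatus, Get-MpThreat, Get-MpThreatDetection) and assumes an elevated PowerShell session on the machine before it is put on the network.

```powershell
# Added example (not from the thread or from any vendor): audit the Defender
# state of a brand-new Windows prebuilt before first network connection.
# Assumption: run as Administrator, Defender is the active AV.
# What a clean OEM image should show: no exclusions, real-time protection
# on, empty detection history.

function Get-DefenderExclusions {
    # OEM- or malware-added exclusions are the first thing to look for:
    # they are the cheapest way to keep a bundled payload out of scans.
    $p = Get-MpPreference
    [pscustomobject]@{
        Paths      = @($p.ExclusionPath      | Where-Object { $_ })
        Processes  = @($p.ExclusionProcess   | Where-Object { $_ })
        Extensions = @($p.ExclusionExtension | Where-Object { $_ })
    }
}

function Test-DefenderProtectionEnabled {
    # Both flags are true on an untampered machine; either one false on a
    # new box means someone turned the engine off before imaging.
    $s = Get-MpComputerStatus
    return [bool]($s.RealTimeProtectionEnabled -and $s.AntivirusEnabled)
}

function Get-DefenderDetectionHistory {
    # Join detection events to threat names. A generic name such as
    # Wacatac.B!ml against files under the recovery or OEM directories is
    # exactly the pattern described in the thread.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }
    Get-MpThreatDetection | ForEach-Object {
        [pscustomobject]@{
            When      = $_.InitialDetectionTime
            Threat    = $names[$_.ThreatID]
            Resources = ($_.Resources -join '; ')
        }
    } | Sort-Object When
}

# ---- report --------------------------------------------------------------
$ex    = Get-DefenderExclusions
$count = $ex.Paths.Count + $ex.Processes.Count + $ex.Extensions.Count
if ($count -gt 0) {
    Write-Warning "Defender has $count exclusion(s) on a new machine:"
    $ex | Format-List
} else {
    Write-Host "No Defender exclusions configured."
}

if (-not (Test-DefenderProtectionEnabled)) {
    Write-Warning "Real-time protection or the AV engine is disabled."
}

$history = @(Get-DefenderDetectionHistory)
if ($history.Count -eq 0) {
    Write-Host "No detections in Defender history."
} else {
    $history | Format-Table -AutoSize
}
```

None of this replaces the flatten-and-reinstall advice elsewhere in the thread; it only tells you whether the image you are about to wipe was also trying to hide from the scanner, which is the difference between sloppy cloning and deliberate intent that the comment above draws.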

[-] MazonnaCara89@lemmy.ml 1 points 11 months ago

The vendor itself acknowledged the situation by saying that the virus problem was solved!

this post was submitted on 10 Feb 2024
121 points (97.6% liked)