Millions of cheap Android TV boxes come pre-infected with botnet malware

A generic looking Android TV box
(Image credit: Shutterstock)

If you’re still using an older Android TV device that you bought from Amazon, it might be time to upgrade to one of the best streaming devices. Back in May, we reported about a wave of malware that was being used to infect budget Android TV boxes — now it appears that a second botnet has been discovered on some of the same devices. 

The Android TV devices in question are made by AllWinner and RockChip, two Chinese-based companies that have hundreds of '5-star reviews' on Amazon. Those devices can be used for launching “powerful DDoS attacks” or will secretly download a clickbot that will click on ads in the background to commit ad fraud for the device’s manufacturer. 

According to Russian IT-security solutions vendor Dr. WEB, the malware on the device can be acquired in one of two ways — it’s either put there via a firmware update from the manufacturers or can be a side-effect of downloading third-party streaming apps that promise free content. 

It’s important to distinguish between devices made by Sony or Google — like the Chromecast with Google TV — and devices like these budget Android TV boxes. The former use an official version of Google TV or Android TV while the latter use the Android Open Source Project platform that’s available for anyone to download and modify.

The less-known dangers of pirating content

One of the ways the trojan virus moves from machine to machine is via illegal streaming software that's commonly used to pirate movies and TV shows. These apps promise to give you easy access to the newest movies as soon as they're available digitally, but are often dodgy both legally and  from a security perspective.

If you’re using a third-party device to pirate content you will very likely want to toss it out for something that’s more secure — or, you know, not pirate content. 

That being said, however, if you use an Android TV or Google TV device from a reputable maker and strictly use it for on-the-level streaming from apps like Netflix and YouTube, there’s nothing to worry about. Those apps might use or sell your data, but they aren't using your devices for extra computing power to execute widespread acts of cyberterrorism.

Want an Android TV device that lets you play the latest games, stream movies in the highest resolution and can even serve as a PLEX movie server? Check out the Nvidia Shield TV or Nvidia Shield TV Pro.

More from Tom's Guide

Nick Pino
Managing Editor, TV and AV

Nick Pino heads up the TV and AV verticals at Tom's Guide and covers everything from OLED TVs to the latest wireless headphones. He was formerly the Senior Editor, TV and AV at TechRadar (Tom's Guide's sister site) and has previously written for GamesRadar, Official Xbox Magazine, PC Gamer and other outlets over the last decade. Not sure which TV you should buy? Drop him an email or tweet him on Twitter and he can help you out.