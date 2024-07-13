In late 2023, a cybersecurity firm called Human Security released a detailed report (PDF) on its investigation into the world of low-end Android streaming boxes. This followed research from earlier that year by cybersecurity expert Daniel Milisic, who discovered a suite of malware on a cheap Android player he had purchased, straight out of the box.

Based on Human Security's findings shared with WIRED that year, around 200 different models of low-end Android boxes were infected with some kind of malware, presumably added to the device's firmware sometime between their manufacture and sale. All of these low-end boxes generally cost less than $50 and are sold both online and in physical storefronts. These devices have names composed of seemingly random letters and numbers like MXQ or T95Z, and are either completely brandless or are branded with obscure, strange-sounding company names that nobody has ever heard of. It's also worth noting that, in addition to a variety of low-end Android boxes, Human Security also found similar security vulnerabilities on an off-brand Android tablet, showing just how pervasive these shady efforts can be.

Following the release of this research, Google has made efforts to remove apps associated with the companies that manufacture the compromised boxes. Unfortunately, malware-infested hardware is a proverbial hydra; cut off one head, and eight take its place. While Human Security's research revealed many vulnerabilities, there are still plenty of bad actors out there.