Saturday, December 14, 2024
HomeCyber Security NewsChinese Mini PC Maker Acemagic Ships machines with Malware Pre-installed

Chinese Mini PC Maker Acemagic Ships machines with Malware Pre-installed

Published on

SIEM as a Service

Acemagic, a Chinese manufacturer of mini PCs, has been found to ship devices laden with malware, raising significant concerns about cybersecurity and consumer safety.

Further investigations revealed that other models, including the AD15 and S1, also harbored similar malicious software.

You can analyze a malware file, network, module, and registry activity with the ANY.RUN malware sandbox and the Threat Intelligence Lookup that will let you interact with the OS directly from the browser.

- Advertisement - SIEM as a Service

A Troubling Discovery

Jon from The Net Guy Reviews YouTube channel first brought this issue to light when he discovered spyware in the AceMagic AD08 mini-PC.

Jon’s encounter with the malware began when Windows Defender detected suspicious files on the recovery partition of the NVMe drive inside the AceMagic AD08.

These files, identified as ENDEV and EDIDEV, were part of the Bladabindi and Redline malware families, notorious for stealing stored passwords, logging keystrokes, and extracting information from infected systems.

A comprehensive system scan unearthed additional spyware files hidden in the Windows folder, with VirusTotal confirming the malicious nature of these files as flagged by 50 security vendors.

Windows Defender found malicious files in the recovery partition of the AceMagic AD08’s NVMe SSD, which the reviewer obtained via FBA dropshipping.

AceMagic AD08 with malware
AceMagic AD08 with malware

The problem appears more widespread than initially, with other users reporting similar experiences.

One Amazon buyer of the AceMagic AD08 reported encountering malware that was hardcoded into the Windows recovery, making it immune to standard reset procedures.

Another user, Richard Deno, found malware in his AK1 model, including pre-installed Chrome, that he deemed untrustworthy due to the presence of other malware.

Company Response

In response to these alarming findings, Acemagic has acknowledged the issue, attributing it to software adjustments developers made to reduce initial boot times.

These adjustments, which involved tampering with Microsoft source code and network settings without proper digital signatures, led to the accidental inclusion of malware in some of their products manufactured before November 18, 2023.

Acemagic has committed to refunding affected customers and advised checking the device’s production date for eligibility.

The company has also promised to strengthen its use of digital certificates to prevent unauthorized modifications in the future.

Future Measures and Consumer Advice

Acemagic has outlined a comprehensive plan to address consumer concerns and mitigate the impact of the virus incident.

This includes a return policy for affected products, a product retention policy offering compensation for those who choose to keep their devices, and an exchange service.

For consumers who own an AceMagic mini-PC or devices from its sub-brands, it is advisable to run a virus scan to ensure their systems are malware-free.

The incident is a stark reminder of the cybersecurity risks associated with purchasing technology products and underscores the importance of vigilance and due diligence from manufacturers and consumers.

In conclusion, the discovery of pre-installed malware on Acemagic mini PCs has shed light on the critical issue of cybersecurity in manufacturing.

As Acemagic takes steps to rectify the situation and prevent future occurrences, consumers are urged to remain cautious and proactive in safeguarding their digital security.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...