• @yggstyle
    link
    389 months ago

    Can’t wait until this spurs the security community into doing a deep look at the roms on these cheap Chinese boards. Yeah the malware was caught - but what’s more important is the intent. This is a country that is constantly behind breaches and botnets… and here we have these PCs being marketed as router replacents and mini servers. It doesn’t take much to figure out that this is free back door territory.

    • qaz
      link
      9
      edit-2
      9 months ago

      but what’s more important is the intent

      Afaik, the problem was a trojan inside the cracked windows images they used to avoid paying for windows keys. I doubt the intent was to create a botnet, it seems more like generic cybercrime.

      I personally always wipe the preinstalled OS to avoid issues like this. However, make sure to use a clean image directly from the source. Simply reinstalling from within Windows wouldn’t have helped in this case, because the malware was part of the recovery files.

      The story originated from a video from the “The Net Guy Reviews” YouTube channel. Most articles I’ve seen so far oversimplify the issue and/or get facts wrong, therefore I recommend checking out the original video if you want to learn more.

      • @yggstyle
        link
        59 months ago

        Yeah malware is everywhere - This could simply be a product of an individual actor abusing their position in a supply chain… but this also goes for hardware as well. It is certainly a more difficult vector to attack from but due to its ‘level’ it’s a valuable position to compromise.

    • @[email protected]
      link
      fedilink
      99 months ago

      Yes! I’ve been telling this to friends who keep buying Chinese boards to use as routers and NAS … wth

      • Heratiki
        link
        fedilink
        39 months ago

        I mean depending on what board you’re using it’s unlikely it’s hardware level snooping that supersedes changing the firmware. Especially if you stick to those that run on open source firmware.

  • @sugartits
    link
    159 months ago

    It comes pre installed with Windows, so that’s a given isn’t it?

    • sylver_dragon
      link
      English
      149 months ago

      Remember kids if you’re going to buy a Chinese pre-built, wipe that shit before use.

      Always wipe and start fresh. Yes, Chinese brands seem to be worse about security, but there’s no reason to keep bloatware and FSM only know what other crapware the OEM installed.

    • @ohlaph
      link
      69 months ago

      Or… don’t buy it to begin with.

      • @[email protected]
        link
        fedilink
        4
        edit-2
        9 months ago

        Yup, I don’t trust it to not install a rootkit on the BIOS or something. Buy from reputable companies, and if you get a prebuilt PC, you’ll probably want to reinstall Windows to get all of the adware off. If you don’t use Windows, you’re probably fine with just buying from a reputable vendor.

        • @[email protected]
          link
          fedilink
          29 months ago

          That’s what I’m always most paranoid about - buying storage and having some bad actor insert malicious code through unusual means.

          • @[email protected]
            link
            fedilink
            09 months ago

            Yup, it’s not worth saving $20 or whatever to buy a sketchy brand, just buy a well known brand with an image to uphold and you’ll be fine.

      • Heratiki
        link
        fedilink
        129 months ago

        According to this Tom’s Hardware article (https://www.tomshardware.com/desktops/mini-pcs/mini-pc-maker-ships-systems-with-factory-installed-spyware-acemagic-says-issue-was-contained-to-the-first-shipment) it isn’t firmware based spyware but just existing on the machine drive.

        They were also found on the restore partition so a full wipe and fresh install would eliminate the issue. AceMagic have also claimed that the issue was isolated to the first round of shipments.

        • @[email protected]
          link
          fedilink
          69 months ago

          It’s reasonable to consider whether to trust a company that shipped spyware in the first place. I would have a hard time with that.

          • krolden
            link
            fedilink
            39 months ago

            Better stop using any modern cellphone ever then.

            • @[email protected]
              link
              fedilink
              -19 months ago

              Trying to, but credible alternatives just don’t exist. I really want a Linux phone, but battery life and basic features just aren’t there.

          • Heratiki
            link
            fedilink
            29 months ago

            It’s more than likely they “borrowed” some other Chinese company’s cloned Windows drive and used it for their install rather than roll their own. Could be they were malicious but coming out and claiming it was an error so quickly doesn’t really push that narrative hard.

            • @[email protected]
              link
              fedilink
              29 months ago

              We’re going to agree to disagree about that. Being caught red-handed would trigger an immediate mea culpa if they want to preserve plausible deniability and try again later.

            • @[email protected]
              link
              fedilink
              19 months ago

              If they weren’t the original malicious actor, then their quality control sucks. Either way, they shipped a booby-trapped system. Trusting them again will be hard for a lot of people.

        • @[email protected]
          link
          fedilink
          English
          49 months ago

          This article says the same thing, but it’s worth people being aware that firmware is a vector.

        • @[email protected]
          link
          fedilink
          -19 months ago

          How do you know? They find spyware not in firmware, but that doesn’t cover what they didn’t find.

            • @[email protected]
              link
              fedilink
              19 months ago

              Sure. I’m just saying that if a company is caught putting spyware into their products, I’m not going to trust them to suddenly fix it. If they cared, they should’ve caught this with internal QA.

              So either they’re negligent or malicious. If the former, they’ll probably be negligent again. If the latter, they’ll be more sneaky next time. Either way I don’t trust them.

                • @[email protected]
                  link
                  fedilink
                  09 months ago

                  My point is that we know there’s spyware on the image, so we should suspect malware elsewhere as well. Until the hardware is audited, we should assume that hardware is compromised as well.

      • krolden
        link
        fedilink
        29 months ago

        Nothing in this article said anything about the device firmware being compromised

    • astrsk
      link
      fedilink
      59 months ago

      Hopefully it’s not built into a rom chip on any number of custom components in these mini PCs making it software independent.

      • @[email protected]
        link
        fedilink
        4
        edit-2
        9 months ago

        I mean, technically, you can always use hardware, even if it’s been bombed to shit with malware. Just never connect it to any sort of network, never transfer files from that PC with bidirectional channels and never use that PC’s hardware anywhere else.

      • @[email protected]
        link
        fedilink
        29 months ago

        Thats why they’ll be a good deal.

        The hardware is the same as several other brands, and none of them have come up bad. Ultimately it really does look like someone either got got on the image they cloned from or maliciously inserted windows spyware into it. Either way it’s nothing a flatten and reinstall won’t fix.

        Hell, if the windows keys are legit you don’t even need to use the oem reinstall media.

  • @[email protected]
    link
    fedilink
    29 months ago

    Maybe we should have a working Linux live USB before we buy a new laptop so that we can set it up without connecting it to the home router.

  • @[email protected]
    link
    fedilink
    19 months ago

    I am not saying that the image is to be trusted, but “Win32/Wacatac.B!ml” is just a generic name for anything obfuscated by vmprotect. Most cracks are detected as “Win32/Wacatac.B!ml”

    Also, because it’s detected by microsoft defender itself, if they really had a malicious intent, they would have whitelisted those executables in the disk image.