Mini PCs sold on Amazon contained factory-installed spyware

DragonSlayer101

A hot potato: Chinese PC maker AceMagic is renowned for its extensive line of mini PCs that provide high performance at relatively affordable prices. However, the company has been compelled to acknowledge that it shipped at least one batch of devices with factory-installed spyware.

The issue came to light after Jon Freeman from YouTube channel 'The Net Guy Reviews' tested the AceMagic AD08 mini PC and discovered it contained files flagged by Windows Defender as malware. He alleges that other models marketed by AceMagic (owned and operated by China-based Shenzhen Shanminheng Technology), including the AD15 and S1, also contain similar malware. All these devices are sold on Amazon, potentially compromising users' privacy and security.

According to Freeman, he first noticed a problem when the built-in Windows security software detected suspicious files in the recovery partition on the device's SSD. Upon closer inspection, he found two problematic executables – ENDEV and EDIDEV – hiding in the "OsVer" sub-folder within the Windows installation folder. Further investigation revealed that these two files are part of the notorious Bladabindi and Redline spyware families.

Redline is known to steal browser passwords, empty crypto wallets, and hijack various critical website accounts, such as Steam, FileZilla, Telegram, and more. It can also steal VPN credentials, track your IP address, and evade antivirus detection by encrypting part of its source code. Once the machine is infected, it can then send your private data to malicious actors.

Bladabindi, meanwhile, is a backdoor trojan that gives hackers remote access for data-stealing purposes.

Alarmingly, these files were also found in the restoration folder, meaning they will be reinstalled even if you wipe your C: drive and reinstall Windows using the built-in 'Restore' feature. A complete system scan also revealed additional unknown files in the Windows folder. A VirusTotal scan identified these as malware.

Interestingly, Freeman purchased another AceMagic AD08 mini PC from Amazon and found it to be free from the malware problems affecting the first device. When he contacted AceMagic about his findings, the company claimed that the malware issue affected only the first batch of AD08 mini PCs and has since been resolved.

In an email to Freeman, AceMagic said, "The virus software issue has been resolved in the current stock... this issue will no longer be present in the current offerings."


 
I'd expect this sort of thing from a refurbished computer, but not a brand new one from the manufacturer. For shame... I bought one of these on the big A a few years ago, but luckily I wiped it and installed PopOS! Linux. It did come with Windows 10 though... which some will argue is spyware in itself.
 
I'd expect this sort of thing from a refurbished computer, but not a brand new one from the manufacturer. For shame... I bought one of these on the big A a few years ago, but luckily I wiped it and installed PopOS! Linux. It did come with Windows 10 though... which some will argue is spyware in itself.
As I see it, the issue is the fact that the PC was manufactured in China. Though the subsequent PCs were deemed clean, I think one has to assume that the Chinese Government had a hand in the fact that there was malware on these PCs.
 
Editor: Save your staff some time and just publish article "Spyware exists on all forms of software and/or hardware"

kkthx
 
I'd expect this sort of thing from a refurbished computer, but not a brand new one from the manufacturer. For shame... I bought one of these on the big A a few years ago, but luckily I wiped it and installed PopOS! Linux. It did come with Windows 10 though... which some will argue is spyware in itself.

It's the problem of using an image to install and configure Windows, and it has little to do with what type of system or who the OEM is. I wouldn't be that surprised if one of the low paid drones working there was offered a nice chunk of change to add the files, or just replace the whole image. And when you consider where it's sold, Amazon, are you really that surprised? It's worse than eBay for third party scams IMHO.
 
It's the problem of using an image to install and configure Windows, and it has little to do with what type of system or who the OEM is. I wouldn't be that surprised if one of the low paid drones working there was offered a nice chunk of change to add the files, or just replace the whole image. And when you consider where it's sold, Amazon, are you really that surprised? It's worse than eBay for third party scams IMHO.
I have several choices of where to buy new or used gear. Unless Amazon has an extra-special sale of something I can use, I don't shop there. Last time it was a pair of SODIMMs at a very good price. Before that, it was a lot of 32GB PNY flash sticks really inexpensive.

So I buy from eBay, another smaller auction, IT people in wealthy companies selling off out-of-warranty computers. Amazon is the last place I look.
 
I don't care who the manufacturer is. I wipe every device I buy day one. My newest ASUS laptop, wiped day one.
Most any computer I sell gets a clean install of Windows 10 or 11 and no recovery partition. So they are free of spyware. Only problem is sometimes finding hardware drivers. Vendor web sites usually have them.
 