A hot potato: Chinese PC maker AceMagic is renowned for its extensive line of mini PCs that provide high performance at relatively affordable prices. However, the company has been compelled to acknowledge that it shipped at least one batch of devices with factory-installed spyware.
The issue came to light after Jon Freeman from YouTube channel 'The Net Guy Reviews' tested the AceMagic AD08 mini PC and discovered it contained files flagged by Windows Defender as malware. He alleges that other models marketed by AceMagic (owned and operated by China-based Shenzhen Shanminheng Technology), including the AD15 and S1, also contain similar malware. All these devices are sold on Amazon, potentially compromising users' privacy and security.
According to Freeman, he first noticed a problem when the built-in Windows security software detected suspicious files in the recovery partition on the device's SSD. Upon closer inspection, he found two problematic executables – ENDEV and EDIDEV – hiding in the "OsVer" sub-folder within the Windows installation folder. Further investigation revealed that these two files are part of the notorious Bladabindi and Redline spyware families.
Redline is known to steal browser passwords, empty crypto wallets, and hijack various critical website accounts, such as Steam, Filezilla, Telegram, and more. It can also steal VPN credentials, track your IP address, and evade antivirus detection by encrypting part of its source code. Once the machine is infected, it can then send your private data to malicious actors.
Bladabindi, meanwhile, is a backdoor trojan that allows remote access to hackers for data-stealing purposes.
Alarmingly, these files were also found in the restoration folder, meaning they will be reinstalled even if you wipe your C:/ drive and reinstall Windows using the built-in 'Restore' feature. A complete system scan also revealed additional unknown files in the Windows folder. A Virustotal scan identified these as malware.
Interestingly, Freeman purchased another AceMagic AD08 mini PC from Amazon and found it to be free from the malware problems affecting the first device. When he contacted AceMagic about his findings, the company claimed that the malware issue affected only the first batch of AD08 mini PCs and has since been resolved.
In an email to Freeman, AceMagic said, "The virus software issue has been resolved in the current stock... this issue will no longer be present in the current offerings."