Factory-installed Malware Discovered in Android Projectors

Severity: Medium (Score: 58.0)

Sources: Reddit

Summary

A user discovered a malware ecosystem in cheap Android projectors sold online, including a Remote Access Trojan (RAT) named SilentSDK and a dropper called StoreOS. The malware communicates with a command and control (C2) server located in China. Key capabilities of the RAT include remote command execution, file permission manipulation, and device fingerprinting. The user conducted a thorough analysis, documenting the malware's kill chain and developing scripts to repair the payloads for further examination. This incident raises concerns about the security of consumer electronics and the potential for widespread exploitation. The findings suggest that these projectors may be part of a larger trend of compromised IoT devices. The full technical report is available for review, and feedback is encouraged.

Key Points:

  • The malware ecosystem includes the SilentSDK RAT and the StoreOS dropper in Android projectors.
  • The RAT communicates with a C2 server in China, indicating potential state involvement.
  • User analysis revealed capabilities for remote command execution and device fingerprinting.

Key Entities

  • Malware (attack_type)
  • China (country)
  • api.pixelpioneerss.com (domain)
  • SilentSDK (malware)
  • StoreOS (malware)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • Android (platform)