Android TV boxes compromised with new Pandora trojan variant

Affordable Android TV boxes, including MX10 Pro 6K, Tanix TX6 TV Box, and H96 MAX X3, have been targeted by a new variant of the Pandora backdoor associated with the Mirai botnet malware to facilitate distributed denial-of-service attacks, reports BleepingComputer. Malware infections on the Android TV boxes were facilitated either through malicious firmware updates or pirated content apps, according to a Dr. Web report. Researchers noted that malicious updates, which could be installed by device resellers or the users themselves, have been delivering the "boot.img" service that ensures persistence through its kernel and ramdisk components, while apps providing pirated content establish persistence with the execution of the "GoMediaService" operation in a multi-step process that eventually results in the deployment of the Pandora backdoor installer. Aside from enabling DDoS attacks via TCP and UDP protocols, Pandora also allows reverse shell opening and system partition mounting, said the report. Users of low-cost Android TV boxes have been urged to switch to streaming devices from Google, Amazon, and Apple to reduce cybersecurity risks.