- helenslunch ( @helenslunch@feddit.nl ) 12•8 months ago
This is why we do fresh installs on new hardware. Preferably Linux 🙂
- witx ( @witx@lemmy.sdf.org ) 16•8 months ago
Unfortunately, that does close to nothing when the issue is spyware on firmware
- Heratiki ( @Heratiki@lemmy.ml ) 11•8 months ago
According to this Tom’s Hardware article (https://www.tomshardware.com/desktops/mini-pcs/mini-pc-maker-ships-systems-with-factory-installed-spyware-acemagic-says-issue-was-contained-to-the-first-shipment) it isn’t firmware-based spyware but just existing on the machine drive.
They were also found on the restore partition so a full wipe and fresh install would eliminate the issue. AceMagic have also claimed that the issue was isolated to the first round of shipments.
- CaptObvious ( @CaptObvious@literature.cafe ) 5•8 months ago
It’s reasonable to consider whether to trust a company that shipped spyware in the first place. I would have a hard time with that.
- krolden ( @krolden@lemmy.ml ) 4•8 months ago
Better stop using any modern cellphone ever then.
- Heratiki ( @Heratiki@lemmy.ml ) 2•8 months ago
It’s more than likely they “borrowed” some other Chinese company’s cloned Windows drive and used it for their install rather than roll their own. Could be they were malicious but coming out and claiming it was an error so quickly doesn’t really push that narrative hard.
- CaptObvious ( @CaptObvious@literature.cafe ) 3•8 months ago
If they weren’t the original malicious actor, then their quality control sucks. Either way, they shipped a booby-trapped system. Trusting them again will be hard for a lot of people.
- CaptObvious ( @CaptObvious@literature.cafe ) 2•8 months ago
We’re going to agree to disagree about that. Being caught red-handed would trigger an immediate mea culpa if they want to preserve plausible deniability and try again later.
- helenslunch ( @helenslunch@feddit.nl ) 5•8 months ago
Yes but that’s not the issue
- krolden ( @krolden@lemmy.ml ) 2•8 months ago
Nothing in this article said anything about the device firmware being compromised
- witx ( @witx@lemmy.sdf.org ) 2•8 months ago
I didn’t say that
- krolden ( @krolden@lemmy.ml ) 2•8 months ago
Unfortunately, that does close to nothing when the issue is spyware on firmware
- astrsk ( @astrsk@kbin.social ) 5•8 months ago
Hopefully it’s not built into a ROM chip on any number of custom components in these mini PCs, making it software independent.
- schizoidman ( @schizoidman@lemmy.ml ) English11•8 months ago
Kinda low effort when just a Windows Defender scan can detect it.
- Helix 🧬 ( @Helix@feddit.de ) English14•8 months ago
imagine what they didn’t find!
- JCreazy ( @JCreazy@midwest.social ) English9•8 months ago
Remember kids, if you’re going to buy a Chinese pre-built, wipe that shit before use.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) 8•8 months ago
To me that always applies, regardless of the manufacturer. Supply chain attacks are a thing, they are not even necessarily targeted. “I’m not interesting enough” does not apply: everyone has contact with other people, mostly everyone has (or will have) voting rights, and some will have authority over other people.
- Helix 🧬 ( @Helix@feddit.de ) English6•8 months ago
Now check the other mini PCs from other random Aliexpress, Banggood, Gearbest and Temu vendors…
- bloodfart ( @bloodfart@lemmy.ml ) 3•8 months ago
These are gonna be a good deal soon.
- CaptObvious ( @CaptObvious@literature.cafe ) 3•8 months ago
If anyone is willing to buy them.
- bloodfart ( @bloodfart@lemmy.ml ) 4•8 months ago
That’s why they’ll be a good deal.
The hardware is the same as several other brands, and none of them have come up bad. Ultimately it really does look like someone either got got on the image they cloned from or maliciously inserted Windows spyware into it. Either way it’s nothing a flatten and reinstall won’t fix.
Hell, if the Windows keys are legit you don’t even need to use the OEM reinstall media.
- Gabu ( @Gabu@lemmy.ml ) 3•8 months ago
I mean, technically, you can always use hardware, even if it’s been bombed to shit with malware. Just never connect it to any sort of network, never transfer files from that PC with bidirectional channels and never use that PC’s hardware anywhere else.
- CaptObvious ( @CaptObvious@literature.cafe ) 2•8 months ago
LOL! Fair point
- Moonrise2473 ( @Moonrise2473@feddit.it ) 1•8 months ago
I am not saying that the image is to be trusted, but “Win32/Wacatac.B!ml” is just a generic name for anything obfuscated by VMProtect. Most cracks are detected as “Win32/Wacatac.B!ml”.
Also, because it’s detected by Microsoft Defender itself, if they really had a malicious intent, they would have whitelisted those executables in the disk image.
The vendor itself acknowledged the situation by saying that the virus problem was solved!