
Unkillable Backdoor Preinstalled on Numerous Android Devices: A Deep Dive

In an alarming revelation, thousands of Android devices, primarily cheap Android TV boxes, have been found to come preinstalled with an unkillable backdoor. This discovery has raised significant concerns among users and cybersecurity experts alike.

Key Highlights:

  • Advanced Triada malware detected on multiple Android devices before reaching resellers.
  • Cheap Android TV streaming box, T95, found infected right out of the box.
  • Human Security identifies seven Android TV boxes and one tablet with the backdoor.
  • Potential impact on 200 different models of Android devices.
  • Devices with the backdoor are spread across homes, businesses, and schools in the US.

The Depth of the Issue:

When consumers purchase a TV streaming box, the last thing they expect is for it to be laced with malware or to communicate with servers in foreign countries. Even more concerning is the idea that these devices could be part of an organized crime scheme, generating millions through fraudulent activities. Unfortunately, this has been the reality for many unsuspecting individuals who purchased cheap Android TV devices.

Earlier this year, security researcher Daniel Milisic made a startling discovery. He found that the T95, a popular cheap Android TV streaming box, was infected with malware straight out of the box. This discovery was later confirmed by several other researchers. However, the T95 was just the beginning.

The Extent of the Backdoor:

This week, cybersecurity firm Human Security shed light on the magnitude of the issue. Their research found seven Android TV boxes and one tablet with the backdoor preinstalled. Furthermore, there are indications that up to 200 different models of Android devices might be affected. These compromised devices are not limited to personal use; they are present in businesses, schools, and homes across the United States.

Human Security also highlighted advertising fraud connected to this scheme, which might have been a source of funding for the operation. Gavin Reid, the CISO at Human Security, described the devices as a “Swiss army knife of doing bad things on the internet.” He emphasized the distributed nature of the fraud and mentioned that the company has shared details with law enforcement agencies regarding potential manufacturing facilities.

Implications and Concerns:

The presence of such backdoors in Android devices raises significant concerns about user privacy and data security. The fact that these devices were compromised before even reaching the resellers indicates a deep-rooted issue in the supply chain. With the increasing reliance on smart devices in our daily lives, such revelations underscore the importance of stringent cybersecurity measures and thorough vetting of devices before purchase.


The discovery of an unkillable backdoor in thousands of Android devices has sent shockwaves through the tech community. The advanced Triada malware, found on devices even before they reached the resellers, highlights potential vulnerabilities in the supply chain. With devices spread across the US in various settings, the implications of this discovery are vast and concerning. As the tech world grapples with this revelation, consumers are reminded of the importance of cybersecurity and the need to be vigilant about the devices they bring into their homes and workplaces.