Day 2

A tale: 3 Spammy boxes – technical deep dive

Location: Onyx
Theme: Core of Tech
Session complexity: 4 out of 5 stars
Time: 15:05 - 15:30

This session is a technical deep dive of the talk "Set-top boxes: your personal unwanted proxy". It covers our analysis methodology and the technical findings from our extensive investigation into shady Android devices flooding the market. We'll walk you through the entire infection chain of x96mini Android TV boxes that come pre-installed with malware, showcasing how an initially innocent-looking app obtains multiple payloads and malicious configs, and ultimately registers itself as an active endpoint for multiple residential proxy providers. We will present how we came to investigate this case and what our (initial) research questions were; the approach we took to the malware, forensic and network analysis of these devices; the different (malicious) APKs, files and configs we investigated; and the rabbit holes of abstraction and obfuscation we dove into.

Speakers in this session