Forums
VHT Forums
Mini PCs
Malware on AceMagic...
 
Notifications
Clear all

Malware on AceMagic mini PCs

 
Mini PCs
Last Post by Brandon Lee 10 months ago
3 Posts
2 Users
1 Reactions
613 Views
RSS
Posts: 47
 malcolm.r
Topic starter
Jan 22, 2024 10:06 am
(@malcolm-r)
Trusted Member
Joined: 11 months ago

Hey all. Recently I got ahold of one of the AceMagic mini PCs, the AD15 model. After I had gotten Proxmox installed on mine and put it into my homelab, I saw some folks in other discords that had run into concerning things with their machines.

I put the NVMe drive that shipped with the device into an adapter and scanned it on my PC. Turns out Windows Defender flagged one of the executables as a "Redline!MSR" trojan. This type of trojan is used to execute code remotely, steal credentials/input, etc: https://www.darkreading.com/cyberattacks-data-breaches/attackers-hide-redline-stealer-behind-chatgpt-google-bard-facebook-ads.

I would HIGHLY recommend anyone with one of these PCs to stop using it (if you didn't reformat the drive first).

If you've had a similar experience I'd love to hear about it.

image
Brandon Lee reacted
2 Replies
Brandon Lee
Posts: 395
 Brandon Lee
Admin
Jan 22, 2024 10:38 am
(@brandon-lee)
Member
Joined: 14 years ago

@malcolm-r I'm glad you are bringing this up, as these mini PCs are becoming more popular in the home lab community. I have the S1 Mini PC with the factory drive that I will run some scans on and see what it finds as well. I'm curious if anyone else has seen suspicious behavior with Ace Magic mini PCs? Please share your findings with the community.

Reply
Brandon Lee
Posts: 395
 Brandon Lee
Admin
Jan 22, 2024 8:40 pm
(@brandon-lee)
Member
Joined: 14 years ago

@malcolm-r I found the scan history on the original drive for the Acemagic S1. I am surprised, but it is a different trojan in the signature found on the AceMagic S1. These screenshots are from the original drive, and the timestamps are around the time I received the drive, booted it up, and Windows security flagged it.

2024 01 22 20 34 57
2024 01 22 20 35 38

Also, I have it on a separate segment of my network with a firewall in front looking at network flows. Going to see if it calls out to anything out of the ordinary.

Reply
Forum Jump:
  Previous Topic
Next Topic  
© Copyright 2024, All Rights Reserved  | VirtualizationHowto.com