Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware • Graham Cluley

Chinese mini PC manufacturer ACEMAGIC (do I really have to write that in capitals? I hate it when companies name themselves like that…) has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.

Yup, the PC maker has ‘fessed up to unwittingly shipping the Redline spyware and Bladabindi backdoor Trojan to its customers.

ACEMAGIC’s press release is worth a look.

ACEMAGIC, a leading provider of innovative mini PC solutions, has proactively addressed an isolated virus incident affecting a specific batch of mini PCs.

“Proactively addressed”? Hmm. I think what they meant to say was “retroactively addressed”. It would have been proactive of ACEMAGIC if the malware had been caught in advance, and never been distributed on the PCs in the first place.

The incident was identified through Windows Defender, detecting the presence of the Bladabindi and Redline malware families in the ENDEV folder.

Windows Defender is the old name for Microsoft Defender Antivirus, the anti-virus product built into modern versions of Windows.

From the sound of things, ACEMAGIC didn’t scan its computers for malware. They didn’t even think of running the anti-virus built into the version of Windows they were shipping on their PCs.

As a result, several consumers across the United States and Europe reported similar concerns, prompting a thorough investigation into the root causes and swift implementation of corrective measures.

“A thorough investigation”? You mean, you ran an anti-virus program – right?

Upon meticulous examination, it was revealed that our software developers, in an effort to enhance user experience by reducing initial boot time, made adjustments to the Microsoft source code, including network settings, without obtaining software digital signatures (A digital signature is an electronic, encrypted, stamp of authentication on digital information such as email messages, macros, or electronic documents.

“Upon meticulous examination…” I’m not sure whether to laugh or cry…

But in short what I think they are saying here is that in an attempt to “enhance user experience” (no-one, especially not Elon Musk, wants to be forced into creating a Microsoft account to install Windows 11), they shoved in some code they found lying around the internet that offered to help set up the PC more quickly.

A signature confirms that the information originated from the signer and has not been altered), and the RGB lighting control software was also without one. This oversight led to isolated reports of virus-infected mini PCs manufactured before November 18, 2023.

Uhh, even if the digital signatures had been present and correct it is no guarantee that the software is not malicious.

ACEMAGIC is offering a full refund to customers who purchased affected PCs, and a 10% discount on other products from the firm.

The company also says it will be more careful in future.

By the way, ACEMAGIC isn’t the first manufacturer of mini PCs to ship malware to its customers. In 2008, for instance, Asus managed to give its customers an unwanted malware freebie with its tiddly Asus Eee Box.

Here’s a video by a man with a big beard, talking more about ACEMAGIC’s screw-up.
