Chinese PC manufacturer Acemagic confirmed that its devices came with malware

The Chinese company Acemagic admitted that some of its products were delivered with pre-installed malware. The company explains that it only wanted to reduce the download time and made changes to the Microsoft source code for this purpose.

In early February 2024, YouTuber The Net Guy discovered malware on the Acemagic AD08 mini-computer, which he was testing for review. Just a few minutes after downloading, Windows Defender reported the presence of the Bladabindi malware, a backdoor that steals user information and can also install additional malware.

Last week, Acemagic, trying not to draw much attention to the problem, confirmed the presence of Bladabindi on some of its computers sold in the United States and Europe, and also admitted that the notorious RedLine stealer could have ended up on the devices as well. Acemagic's explanation of how the devices were infected turned out to be very strange:

"Our software developers sought to improve the user experience by reducing the initial download time and made changes to the Microsoft source code, including network settings. But they did not receive digital signatures for the software, and the RGB control program was also delivered without them. This oversight has led to isolated cases of viruses infecting mini-PCs released before November 18, 2023."

At the same time, the company gave a slightly different comment to The Register, saying that the incident occurred due to changes made to the software to reduce load time, and these edits "accidentally affected network settings, which led to the lack of digital signatures."

Now Acemagic promises to strengthen control over the use of digital certificates in order to "prevent such unauthorized modifications" in the future. This wording suggests that third parties may have gained access to the company's systems (or even a master copy of Windows) and used it to distribute malware. That is, it remains unclear whether the infection occurred at the factory or after the computers were purchased and turned on by their new owners.

Acemagic has promised to reimburse the full cost of devices produced in the period from September to November 2023 to anyone who wants a refund. The production date must be indicated on the stickers of the affected AD08, AD15 and S1 models. However, The Register journalists note that they recently received one of the Acemagic devices for review, and the stickers on that device carry no manufacturing date, while the QR codes also do not contain any useful information.

Users who decide to clean their machines of malware (Acemagic has already published clean images for this purpose) will receive a 25% discount on the purchase. In addition, all buyers of infected machines can receive a coupon for a ten percent discount on any future purchase of Acemagic devices.
