A Canadian systems security expert found that the firmware of an Android TV box that was purchased from Amazon already contained sophisticated, persistent malware. Daniel Milisic found the malware, and he wrote a script and instructions to assist users in neutralising the payload and halting contact with the C2 (command and control) server.
The in question product is the AllWinner T616-powered T95 Android TV box, which is extensively sold on Amazon, AliExpress, and other significant e-commerce sites. It is unknown if only this particular device was harmed or if the malicious component affects all products from this brand or model.