Michael357 0 Posted September 11 Share Posted September 11 (edited) Hello, I saw last post about this subject here. My tv probably sniffing my LAN from SONY or one of the applications installed (have only few). Only the tv LAN's connected, no wifi. i have eset on my tv. The announcement appears on all our pc's from Eset Internet Security. TV,PC's,Eset, all are updated. no malware on my LAN. Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown). p.s that start happening since i bought the tv and comes and goes every few months for 1-2 weeks Sincerely yours M eis_logs.zip Edited September 11 by Michael357 Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 11 Share Posted September 11 Refer to this Eset Knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows . Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 12 Author Share Posted September 12 (edited) 13 hours ago, itman said: Refer to this Eset Knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows . Hello, Why should i add an exception to resolve a problem without resolving it? the problem is in tv sniffing my network, so why should i ignore it? sadly this is not a solution, otherwise would be kind to explain? the exception is only for my pc, there are more pc's, nas, tv's, smartphones vulnerable Edited September 12 by Michael357 Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 12 Author Share Posted September 12 16 hours ago, Michael357 said: Hello, I saw last post about this subject here. My tv probably sniffing my LAN from SONY or one of the applications installed (have only few). Only the tv LAN's connected, no wifi. i have eset on my tv. The announcement appears on all our pc's from Eset Internet Security. TV,PC's,Eset, all are updated. no malware on my LAN. Attached the logs of Eset logs tool. (wile collecting, no ARP attack was shown). p.s that start happening since i bought the tv and comes and goes every few months for 1-2 weeks Sincerely yours M eis_logs.zip 64.8 MB · 0 downloads would some expert answer my question ? Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 12 Share Posted September 12 (edited) 11 hours ago, Michael357 said: the problem is in tv sniffing my network, so why should i ignore it? If you believe your Sony TV is hacked, try updating its system software for starters: https://www.sony.com/electronics/support/downloads/W0008668 . If that doesn't work, contact Sony tech support for assistance. Edited September 12 by itman Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 12 Share Posted September 12 (edited) Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ . The mitigation recommendation is; Quote While Dr.Web does not know how Android TV streaming devices are being compromised, researchers believe they are targeted because they commonly run outdated software with vulnerabilities. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges," concludes Dr.Web. "Another possible vector could be the use of unofficial firmware versions with built-in root access." To prevent infection by this malware, it is advised that Android TV users check for and install new firmware updates as they become available. Also be sure to remove these boxes from the internet in case they are being remotely exploited through exposed services. Last but not least, avoid installing Android applications as APKs from third-party sites on Android TV as they are a common source of malware. Edited September 12 by itman Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 13 Author Share Posted September 13 12 hours ago, itman said: Of note is this just published article on Android OS TV malware: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ . The mitigation recommendation is; Hi and thank you for replying! it's qiet intresting as my tv connected to my receiver and might give a false arp. on the other side i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit. i will check both problems and reply again. p.s are you a stuff member? have you read my logs? Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 13 Share Posted September 13 1 hour ago, Michael357 said: are you a stuff member? have you read my logs? @Marcos, did you review OP's posted logs? Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 13 Share Posted September 13 3 hours ago, Michael357 said: i installed one APK to install the iptv smarters as there wasnt on google play for sony and the apk might be infected with vo1d exploit. Where did you download the apk file from? Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 13 Author Share Posted September 13 (edited) 5 hours ago, itman said: Where did you download the apk file from? from the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid i know how to arp man in the middle sniffing others https and hash passwords so i wanst worry caues i dont have a camera but yes a microphone and its not good. otherwise all my accounts are 2fa. so have you seen my logs may be? Edited September 13 by Michael357 Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 13 Share Posted September 13 20 minutes ago, Michael357 said: rom the internet. as a cyber person who know what is binding and what is kali etc i feel a bit stupid I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it. Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 13 Author Share Posted September 13 (edited) 6 minutes ago, itman said: I meant the specific web site where you downloaded the apk file from. I will see if I can find anything malicious about it. dont remember brother, i think from here https://www.iptvsmarters.com/download/ but there are few links at first i probably downloaded from one of them, but as i know myself , from iptvsmarters. actually it deosnt matter, i remember contacting raralab.com ceo about his downloadable winrar infected lol, so at the time i downloaded it probably was infected and today not. i think i will see if they at last uploaded the iptvsmarters apk to google app store for sony tv's so i wont need to download it again from elswhere. here are the first links https://www.google.com/search?q=iptvsmarters+apk&oq=iptvsmarters+apk&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIJCAEQABgNGIAEMggIAhAAGA0YHjIICAMQABgNGB4yCAgEEAAYFhgeMggIBRAAGBYYHjIICAYQABgWGB4yCAgHEAAYFhgeMggICBAAGBYYHjIICAkQABgWGB7SAQg2ODE1ajBqNKgCALACAQ&sourceid=chrome&ie=UTF-8 Edited September 13 by Michael357 Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 13 Share Posted September 13 (edited) 17 minutes ago, Michael357 said: https://www.iptvsmarters.com/download/ This is interesting. VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 . Edited September 13 by itman Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 13 Author Share Posted September 13 2 minutes ago, itman said: This is interesting. VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CloudStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 . thank you brother, i wasnt aware of cloudstrike, only of virustotal. anyway i read all information on clodstrike and i can say WTF. i will reformat my tv but the problem is i think all iptvsmarters apk's are infected. hope iptvsmarters is already available on sony google app store. i really appreciate your time and effort brother for helping! Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 13 Author Share Posted September 13 (edited) 27 minutes ago, itman said: This is interesting. VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 . damn, the iptvsmarters isnt on google sony store. you know, i did the same on the other sony tv which is sony google not android and the arp indicates only 192.168.1.5 which is the big tv android. how come? Edited September 13 by Michael357 Quote Link to comment Share on other sites More sharing options...
Michael357 0 Posted September 18 Author Share Posted September 18 On 9/14/2024 at 12:10 AM, itman said: This is interesting. VirusTotal shows zero detections for the .apk w/no suspicious indicators. However, Hybrid-Analysis (CrowdStrike) shows it as 100/100 confidence factor malicious: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767 . hi, i asked the iptvsmarters owner on whatsapp why his apk download he gave me from his site is infected with hybrid scanner? he got really mad at me and blocked me after he showed me hybris scanned also detects whatsapp apk. what do you say about that? Quote Link to comment Share on other sites More sharing options...
itman 1,755 Posted September 18 Share Posted September 18 (edited) Here's the full Hybrid-Analysis report: https://www.hybrid-analysis.com/sample/29958f288587fbeeed16909f316a8b7ee035977efccbeccec2931fdfb8377767/66cce8a28b08e141e3011fef . Of note: As far as WhatsApp goes, it's a favorite target for attackers. Example here: https://thehackernews.com/2023/11/canesspy-spyware-discovered-in-modified.html ; Quote The development marks the continued abuse of modified versions of messaging services like Telegram and WhatsApp to distribute malware to unsuspecting users. WhatsApp, for its part, treats unofficial and third-party versions as fake, cautioning that "we can't validate their security practices" and that using them may pose the risk of carrying malware that could breach customers' privacy and security. "WhatsApp mods are mostly distributed through third-party Android app stores, which often lack screening and fail to take down malware," Kalinin said. "Some of these resources, such as third-party app stores and Telegram channels, enjoy considerable popularity, but that is no guarantee of safety." Edited September 18 by itman Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.