@briankrebs All of this is down to the greed of the big media companies creating demand for their products.

Products that many people in the world do not have the financial resources to pay for.

A bit like your local dealer creating demand for illicit drugs produced in Central and South America.

Such problems are caused by the inherent inequality of oligarch and mafia based capitalism.

The poor do not have the means to comprehend the consequences of their attempts to save money.

@briankrebs I suspect that label means "The firmware doesn't contain the mandatory hooks for the Chinese government.".

@briankrebs And why, exactly, would Chinese TV box vendors ship malware from someone who's clearly bigoted towards Chinese people, as per the article that you link?

This feels like a rather tenuous, and frankly sinophobic, connection that you're drawing here to the "overseas use only" phrasing, which has also appeared on eg. travel adapters and is far more likely to have to do with non-compliance to certain regulations in certain countries.

For the record, I am mainly interested in seeing the major US retailers moving to stop selling these devices, period. That seems to be happening, at least on the ones that are being called out. But the only reason that's happening now is because more people (present company included) are starting to make a lot more noise about it.

https://bsky.app/profile/did:plc:ije2xwkpyayz53imvbibvuqf/post/3marmcx23cc2f

@briankrebs

Question is - how locked down are they? Because if they're cheap enough, they might be viable hardware to re-purpose for all sorts of fun things. If you have a sub-$100 box that can reliable stream 4k video and can be lobotomized and re-purposed, you have Pi competition.

I really wish you made it clearer why you mentioned China in the first place. I get your meaning that it shows the device doesn't meet local quality/security standards (and thus that it shouldn't be accepted by ours), but as shown by several of the threads replying to your post, the ongoing politics in the USA -- on both sides of the aisle -- have fostered an environment where if something might be taken in a sinophobic direction, it will be.

Still, thanks for spreading the warning.

For everyone else who read the post and felt inclined to respond with some variation on "government spyware", deep shame on you. The linked article doesn't even mention anything remotely related to that -- the only references to China are in blocks of stats-by-country, and a very brief mention of a (derogatory) log message the virus output. At least you've revealed yourselves as people who only read the headlines, who are eager to be casually racist, and who can be swiftly blocked.

re: @briankrebs@infosec.exchange

@briankrebs Same applies to "made in <own country>" but not marked for overseas usage, right?

@briankrebs

A lot of imported products from many countries are labelled "for overseas use" or similar.

This is usually because taxes like VAT were not paid in those products. A lot of products from the UK and EU have similar labels.

Sometimes it relates to intellectual property rights. The manufacturer pays a lower royalty rate for tech or creative works for exported goods.

This isn't to say that those products aren't insecure. But the label is more likely related to taxes and royalties than to hacking and surveillance.

@briankrebs or, maybe, it's for tax purposes.

@briankrebs What do you recommend in order to not end up running infected Chinese hardware? Most things are built in China these days, it's shocking.

@briankrebs Since I don't trust the big TV brands with their smart TVs, why should I install such a device?
For giving more information about everything I do?
Sorry, even if it's just a "personalized" advertisement, NO
Smart is the new stupid for me. Maybe I connect devices in my home, but let them communicate with some kind of "control server" in the cloud? Never, it brings everything for others but no advantage for me. No matter what any marketing departments want to tell me.

@briankrebs The Main reason for this are the differences in alotted frequency bands and the related limits. What's compliant in the US often is absolutely not in the EU or China or India for that matter. Not everything is a conspiracy.

note you're talking about something carrying a proprietary, remotely-controlled operating system. are you not concerned about its universal backdoor?

@briankrebs
If you're going to trash that, can I have the ram please?

@briankrebs Apple does the same shit, you despicable person!

@briankrebs i wish more mainstream consumer routers ran proper firewall software and that mainstream users knew how to use it to create no-WAN networks for these things

@briankrebs while your wider point is valid, based on extensive experience around networks and travel, I would suspect that the "overseas use only" equipment lacks censoring capabilities which domestic products would contain.

A German ISP once lost subscriber access to Google because Huawei accidentally put the wrong firmware on their DSLAM? GPON? I forget, but it's equipment you would not have expected to do DNS-level-anything as it was ISO/OSI layer one or two.

@briankrebs But .... but .... but it's cheap! And it's pretty! It comes in 6 different colors!

@briankrebs bot net is bad sure, but I can only think of when all of Hesbolas beepers exploded suddenly without warning.

@briankrebs In this context, this might be interesting as well: https://youtu.be/R82pt4rLhBQ?si=Wd_mqQMDJD6Mowbo
It's the first video of a series of reversing a so called Superbox S6 Pro.

"Cuando toda una clase de tecnología indica en el empaque que fue fabricada en China, pero destinada "solo para uso en el extranjero", deberías pensarlo dos veces antes de conectarla a tu red.

Encontrarás esta información en muchos dispositivos de streaming Android TV a la venta en las principales tiendas. Hay una muy buena razón por la que el país que fabrica esta basura no la quiere en sus propias redes. Mi consejo: si tienes uno de estos dispositivos de streaming Android en tu red o te lo regalan, tíralo a la basura. Hablaré mucho más sobre esto en Año Nuevo, pero estos dispositivos son responsables de la creación de una botnet que actualmente cuenta con unos 2 millones de dispositivos y está creciendo rápidamente. https://blog.xlab.qianxin.com/kimwolf-botnet-en/ "

@briankrebs

@briankrebs it is good advice not to let any Android TV or any smart TV connect to your network

China is up to a lot of doggy stuff. As is Google, Amazon, [insert any number of private actors]

And as far as stare actors go the USA is by far the most dangerous and disingenuous of the lot.

I do think being skeptical of Chinese network appliances is good. But not because they are Chinese, because they are network appliances

@briankrebs Huawei 5G hardware has been rejected for some reasons. However, central government transferred the objectives onto others (still in use) suppliers. The west (so called) is proud of its systematic thinking while The East thinks in systems... In this case...bravo China :)

@briankrebs ok but 4Gb of RAM

@briankrebs
So I’ve never read any of these security things…. Just read the one you shared. #thanksforsharing

I had to ask a LLM to explain it to me. Then I asked how I might determine if any of my devices are bots….

We’re screwed.

@briankrebs question: we have a Sony TV that has smart features. We do _not_ provide it with Internet connectivity. We do use a Roku and OTA broadcast. Yes, the Roku has a mic, but no camera.

Are we still being cyber-risky?

@briankrebs I think the "Overseas Use Only" is because a device for use in China would have to comply with the Great Firewall and not try to connect you to streaming services that are banned in China.

@briankrebs As easy as it is to hate on China, let's please recheck. They are behind their firewall that renders anything unusable or at least close to unusable that is connecting from outside to inside and vice versa.
Not that cheap TV boxes are to be expected high quality, that is.

@briankrebs Interestingly enough, you also find that kind of label on some American foods. "For sale only in the United States, overseas territories, and military bases". Surely WE'RE not the botnet.... are we??

@briankrebs You're right, all chinese made TVs should block youtube, all things google, wikipedia, yandex video, twitch and all things amazon by default, just like they have to in mainland china.

@briankrebs don't worry, America has been doing the same and releasing software and hardware with backdoors in it to everyone for decades.

@briankrebs Fairly interesting too that according to "reports" some AndroidTVs have not had a software update in ages. I'm yet to make a fuss about it but...

@briankrebs The cited article makes this sound more like the boxes get infected with something through post-purchase install.

The TVs that are packaged for overseas have the software for overseas that includes access to stuff that their own citizens are not allowed to access. The main google app stores and such.

Stuff like CE and FCC marks are for the whole package. Software included.

The botnet is a worry and these things are NOT secure, but this stamp doesn't say anything worrisome for us

@briankrebs yup

Page won't load for me. archive.org to the rescue : https://web.archive.org/web/20251221132941/https://blog.xlab.qianxin.com/kimwolf-botnet-en/

"Investigations found that the author of Kimwolf shows an almost "obsessive" fixation on the well-known cybersecurity investigative journalist Brian Krebs, leaving easter eggs related to him in multiple samples.

For example, in sample 2078af54891b32ea0b1d1bf08b552fe8, the domain fuckbriankrebs[.]com is embedded in both its udp_dns and mc_enc attack methods, used to generate DNS request payloads."

😂🤣

@briankrebs

@briankrebs I looked through the article, but I don't see how China-produced products are related to this botnet. Doesn't the malware focus on Android streaming boxes regardless of where they were produced? As far as I can see, the article didn't link the botnet to China either. (There are genuine questions btw.)

@briankrebs

telling people to waste perfectly good TV boxes that can run Linux is absolutely the wrong takeaway

@briankrebs

You should stick to something safe, like an Amazon Firestick.

They're made in...

China!

https://www.accio.com/supplier/amazon-fire-stick-manufacturer

@briankrebs@infosec.exchange
I do find it funny that "FOR OVERSEAS ONLY" is written in ENGLISH and not Mandarin. You would think if a product was not designed for the Chinese market, would warn the Chinese that the product is for export only, in Chinese. Most Chinese are not bilingual. LOL.

@briankrebs Krebs is on mastodon! Awesome! Following.

@briankrebs How do those devices (along with all the fridges and IOT cameras that make up most botnets) get infected? Aren't most of them behind NAT? I understand "default passwords", but for that to be a problem, there has to be a way for the attacker to connect to a device in the first place, and that is the part I don't get.

@briankrebs I don't think China is a country. I think it's a stateless territory infested by a criminal communist terrorist organization whose kingpin is Xi Jin Ping.

@briankrebs I don’t own one but my understanding is that these Android TV boxes are typically used for watching pirated content. I can’t see any company putting heavy efforts into the security of their product when it’s used for this purpose. Whether they’re intended to be a Trojan horse or not, the risk their use brings is too high in my humble opinion and I agree with Brian, they should be binned.

@briankrebs Evidence that "these things are responsible for building out a botnet that currently has ~2M devices and is growing rapidly"?

@briankrebs You seem to be implying this violates some chinese security regulations and isn't approved for domestic sale, but the much more likely explanation is that these boxes are banned in China due to state media control concerns: https://www.ibtimes.com/china-cracks-down-set-top-box-market-bans-popular-streaming-apps-2189776

@briankrebs note that you can run Armbian on some of these. Be sure to look at the Armbian forums for unofficial builds if there's no official build.

@briankrebs

It could be the other way around: less spying for foreigners? After all, China spies on its own citizens more than anyone else.

Meant to link to my previous reporting on this topic, which briefly touches on some of the challenges w/ the ubiquity and sheer insecurity-by-design of most of these Android TV/movie streaming devices

https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/

@briankrebs I switched to Roku...I hope thats good. I haven't heard anything about Roku yet

@briankrebs I think you're reading too much into this one Brian. This is most likely because of the different voltage, the US uses 120v, China uses 240v like Europe.

@briankrebs Feels weird that they write "overseas use only" in English...seems like Mandarin might be a better choice perhaps? 🤣🤷🏼‍♂️

@briankrebs 😱