
Malware on AceMagic mini PCs

(@malcolm-r)
Posts: 58
Trusted Member
Topic starter
 

Hey all. Recently I got ahold of one of the AceMagic mini PCs, the AD15 model. After I had gotten Proxmox installed on mine and put it into my homelab, I saw some folks in other Discords that had run into concerning things with their machines.

I put the NVMe drive that shipped with the device into an adapter and scanned it on my PC. Turns out Windows Defender flagged one of the executables as a "Redline!MSR" trojan. This type of trojan is used to execute code remotely, steal credentials/input, etc.: https://www.darkreading.com/cyberattacks-data-breaches/attackers-hide-redline-stealer-behind-chatgpt-google-bard-facebook-ads

I would HIGHLY recommend anyone with one of these PCs to stop using it (if you didn't reformat the drive first).

If you've had a similar experience I'd love to hear about it.

 
Posted : 22/01/2024 10:06 am
Brandon Lee
(@brandon-lee)
Posts: 413
Member Admin
 

@malcolm-r I'm glad you are bringing this up, as these mini PCs are becoming more popular in the home lab community. I have the S1 Mini PC with the factory drive that I will run some scans on and see what it finds as well. I'm curious if anyone else has seen suspicious behavior with AceMagic mini PCs? Please share your findings with the community.

 
Posted : 22/01/2024 10:38 am
Brandon Lee
(@brandon-lee)
Posts: 413
Member Admin
 

@malcolm-r I found the scan history on the original drive for the AceMagic S1. I am surprised, but it is a different trojan in the signature found on the AceMagic S1. These screenshots are from the original drive, and the timestamps are around the time I received the drive, booted it up, and Windows security flagged it.

[Screenshots: "2024 01 22 20 34 57" and "2024 01 22 20 35 38"]

Also, I have it on a separate segment of my network with a firewall in front looking at network flows. Going to see if it calls out to anything out of the ordinary.

 
Posted : 22/01/2024 8:40 pm