Malware on AceMagic mini PCs

Topic starter
(@malcolm-r)

Hey all. Recently I got ahold of one of the AceMagic mini PCs, the AD15 model. After I had gotten Proxmox installed on mine and put it into my homelab, I saw some folks in other Discords that had run into concerning things with their machines.

I put the NVMe drive that shipped with the device into an adapter and scanned it on my PC. Turns out Windows Defender flagged one of the executables as a "Redline!MSR" trojan. This type of trojan is used to execute code remotely, steal credentials/input, etc.: https://www.darkreading.com/cyberattacks-data-breaches/attackers-hide-redline-stealer-behind-chatgpt-google-bard-facebook-ads.

I would HIGHLY recommend anyone with one of these PCs to stop using it (if you didn't reformat the drive first).

If you've had a similar experience I'd love to hear about it.

Brandon Lee
Admin
(@brandon-lee)

@malcolm-r I'm glad you are bringing this up, as these mini PCs are becoming more popular in the home lab community. I have the S1 Mini PC with the factory drive that I will run some scans on and see what it finds as well. I'm curious if anyone else has seen suspicious behavior with AceMagic mini PCs? Please share your findings with the community.

Brandon Lee
Admin
(@brandon-lee)

@malcolm-r I found the scan history on the original drive for the AceMagic S1. I am surprised, but it is a different trojan in the signature found on the AceMagic S1. These screenshots are from the original drive, and the timestamps are around the time I received the drive, booted it up, and Windows Security flagged it.

[Screenshots: 2024 01 22 20 34 57, 2024 01 22 20 35 38]

Also, I have it on a separate segment of my network with a firewall in front looking at network flows. Going to see if it calls out to anything out of the ordinary.
