Morning Overview

Some streaming boxes arrive already infected, turning new homes into crime relays

Some streaming boxes are arriving in consumers’ homes already infected with malware, effectively turning brand-new devices into relays for online crime the moment they are plugged in. According to Gadget Review, law enforcement and Google have moved against a botnet that hijacked millions of such devices.

The idea that a device could be compromised before its owner ever touches it upends the usual advice about online safety. Careful habits — strong passwords, cautious clicking — cannot protect against malware baked in at the factory or somewhere along the supply chain, which is what makes this class of threat so troubling.

Compromised out of the box

Investigators found that many infected devices had malicious software installed before users ever started them, allowing criminals to secretly route illegal internet traffic through the victim’s home connection. Because the compromise predates the first setup, buyers have no realistic way to know their new device is working against them.

A device tampered with before purchase gives no outward sign of trouble and behaves normally from the user’s perspective, all while quietly serving criminals in the background. That invisibility is the point: the scheme depends on victims never realizing their hardware is compromised, so it can keep exploiting their connections for as long as possible.

How the scheme operates

The malware enrolls the device into a residential proxy network, lending its home IP address to criminals who use it to mask fraud and other illicit activity. Traffic that appears to originate from an ordinary household is harder for fraud-detection systems to flag, which is exactly why these hijacked devices are valuable to the people running the operation.

Residential proxy networks are a lucrative business precisely because home IP addresses are trusted. By funneling their activity through millions of real households, criminals can evade the defenses that would block traffic from known malicious sources. Each compromised streaming box becomes a small, disposable piece of cover for scams, credential attacks and other crimes.

Reducing the risk

Security specialists recommend buying streaming hardware from reputable brands and retailers rather than the cheapest unbranded options, which are more likely to ship with tampered software. Keeping firmware updated, changing default credentials and watching for unusual network activity all help, as does retiring devices that no longer receive security patches. The episode is a reminder that the supply chain itself can be a source of infection, not just careless clicking after the fact.

The price of a bargain streaming box can include hidden risk, since low-cost, unbranded devices are the ones most often found harboring pre-installed malware. Favoring established brands, keeping software current and monitoring the home network for odd behavior all reduce exposure. The broader takeaway is that securing a home now means paying attention to where devices come from, not just how they are used.

This article was researched with the help of AI, with human editors creating the final content.