Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware

Whoops! ACEMAGIC mini PCs ship with free bonus pre-installed malware

Chinese mini PC manufacturer ACEMAGIC (do I really have to write that in capitals? I hate it when companies name themselves like that…) has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.

Yup, the PC maker has ‘fessed up to unwittingly shipping the Redline spyware and Bladabindi backdoor Trojan to its customers.

ACEMAGIC’s press release is worth a look.

ACEMAGIC, a leading provider of innovative mini PC solutions, has proactively addressed an isolated virus incident affecting a specific batch of mini PCs.

“Proactively addressed”? Hmm. I think what they meant to say was “retroactively addressed”. It would have been proactive of ACEMAGIC if the malware had been caught in advance, and never been distributed on the PCs in the first place.

The incident was identified through Windows Defender, detecting the presence of the Bladabindi and Redline malware families in the ENDEV folder.

Windows Defender is the old name for Microsoft Defender Antivirus, the anti-virus product built into modern versions of Windows.

From the sound of things, ACEMAGIC didn’t scan its computers for malware. They didn’t even think of running the anti-virus built into the version of Windows they were shipping on their PCs.

As a result, several consumers across the United States and Europe reported similar concerns, prompting a thorough investigation into the root causes and swift implementation of corrective measures.

“A thorough investigation”? You mean, you ran an anti-virus program – right?

Upon meticulous examination, it was revealed that our software developers, in an effort to enhance user experience by reducing initial boot time, made adjustments to the Microsoft source code, including network settings, without obtaining software digital signatures (A digital signature is an electronic, encrypted, stamp of authentication on digital information such as email messages, macros, or electronic documents.

“Upon meticulous examination…” I’m not sure whether to laugh or cry…

But in short what I think they are saying here is that in an attempt to “enhance user experience” (no-one, especially not Elon Musk, wants to be forced into create a Microsoft account to install Windows 11), they shoved in some code they found lying around the internet that offered to help set up the PC more quickly.

A signature confirms that the information originated from the signer and has not been altered), and the RGB lighting control software was also without one. This oversight led to isolated reports of virus-infected mini PCs manufactured before November 18, 2023.

Uhh, even if the digital signatures had been present and correct it is no guarantee that the software is not malicious.

Sign up to our free newsletter.
Security news, advice, and tips.

ACEMAGIC is offering a full refund to customers who purchased affected PCs, and a 10% discount on other products from the firm.

The company also says it will be more careful in future.

By the way, ACEMAGIC isn’t the first manufactuer of mini PCs to ship malware to its customers. In 2008, for instance, Asus managed to give its customers an unwanted malware freebie with its tiddly Asus Eee Box.

Here’s a video by a man with a big beard, talking more about ACEMAGIC’s screw-up.

This MINI PC ships with SPYWARE! 🦠 ⚠️ Acemagic AD08, AD15, S1

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware”

  1. Me

    Everyone should treat every pc coming from China is going to have Spyware. This isn't the first occurrence. Temu and the other "to good to be true" companies are under investigation already. Spyware was found incorporated into the phone app. China in holding nothing back in its espionage endeavor.

    1. Qwerty · in reply to Me

      …from any where, not only China :)

    2. J.R. Stronczek · in reply to Me

      I bought one and did not realize until I did an offline scan did the virus finally show up.
      It stole all Chrome passwords which were not critical I though at first. Basically I use chrome for games.
      Well it stole my facebook account and linked to an instagram account which was not mine,published something and got me kicked off. The only way I could appeal was to login into the Instagram account and appeal,well when its not yours how can you login?
      No way to "contact" facebook, I did try contacting Instagram thru some BS way I found and I got no answer.

      It was not until Experian notified me that my info was found on the dark web. Well I thought i was ok since I did change all my passwords and locked credit down also turned on 2 step authentication. Well few sites still were able to get hacked,one was a site I use to purchase items for work. They did try to purchase but since I get notified of purchases I was able to stop it.
      It sucks when you buy something like that off Amazon and do not expect that. Almost 20 yr old facebook account lost and trying to get back info into new account sucks.
      My motto is now "When you buy a new computer,I do not care from what company do an OFFLINE scan before signing into any other things. Make sure it is not infected.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.