Get 1,000+ Free Secret Apps on Firestick & Android TV/Google TV

TV Channels

Android TV Box Malware – The Dangers of Cheap Streaming Boxes

Android TV Box Malware

Android TV Box Malware has been confirmed on numerous cheap boxes available for purchase on the Internet.

Subscription streaming services have become so expensive that many people are turning to cheap Android streaming boxes as an alternative. TROYPOINT has often referred to these streaming devices as “Generic Android TV Boxes” due to the fact that they run a modified version of the same Android OS that you would typically find on a phone or tablet. The user interface on these devices are less than ideal and require a mouse pointer to interact with many applications.

For just a few dollars, these devices promise to provide cheap or even free access to copyrighted content, no technical skills required. But is there a catch? As one popular YouTuber recently discovered, many of these boxes come pre-installed with malware that can do all kinds of scary things on your network, including stealing login credentials and launching DDOS attacks.

Android TV Box Malware Launcher
Cheap Android TV Box User Interface

TROYPOINT stopped reviewing these cheap Android TV Boxes a few years ago due to these security risks, poor quality, and better choices that hit the market. Once upon a time, the only affordable choices were either an Amazon Fire TV streaming device or one of these cheap China Android TV Boxes. Once the new Android TV operating system took off, there was no need to use these cheap devices anymore due to better quality systems that are also extremely affordable. Plus, Android TV is much easier to use because it’s designed for the television and works great with a remote control.

The popular YouTube channel Linus Tech Tips recently released a video that warns people about the dangers of using these generic Android TV Boxes.

Following the video I will provide my opinions on this matter and offer some tips that you can take to remain safe.

Android TV Box Malware & False Advertising Video


We Can’t Trust Those Who Break Laws

First, it’s important to note that these devices are nothing new and the market for cheap Android streaming boxes has been around for years. This will only continue to increase as people get sick of spending money on entertainment that they can stream for free. However, it’s important to remember that the kinds of people who are willing to help you circumvent copyright law tend to be the same kinds of people who don’t care about other laws either, such as privacy or data collection laws.

The same holds true for the thousands of unverified IPTV services out there.  I’m amazed when I see people purchase IPTV services for $10 per month yet don’t protect themselves with a VPN like Surfshark and then willingly input their personal information along with a valid credit card into the checkout screen.  Do you really trust these people with your identifying IP address, credit card info, and other personal information?

Or what about the free streaming apps or 3rd party Kodi addons?  Same applies here as well.

It’s important to note that running a VPN will not protect you from everything. You should be taking additional steps to protect your identity by paying for services with Coinbase or Abine Blur.

Friendly Android TV User Interface But Beware

When you first set up one of these boxes, you’ll be greeted with a friendly setup process and brought to a home screen that looks at least vaguely like Android TV.

Android TV Box Applications
Generic Android TV Box App Screen

However, if you’re running a network sniffer like in the video above, you might start to see red flags in what seems to be a best-case scenario. The box might be trying to ping an address with “fota” in the URL, which stands for firmware over the air and is relatively standard Android behavior. However, if you look up the IP that URL is pointing to, it’s likely referring to a location located in China. While this isn’t a problem in and of itself, with China’s looser regulations, there are no guarantees that the firmware you download will be clean or that it will even be firmware at all.

CopyCat Android Malware

When DesktopECHO inspected the file systems of some of these boxes using Android debug bridge in the above video, he found countless attempts to contact URLs that were made up of jumbled letters and lesser-used top-level domains. They were attempting to dump payloads into the now-notorious “core Java” directory, which is a relative of CopyCat, an Android malware with truly terrifying capabilities. The original infected an estimated 14 million devices and was designed primarily to generate and steal ad revenue. But given that it can root your device, inject itself alongside apps that you launch, and control your network activity, it can be used for all kinds of illegal activities.

Can’t Prepare for the Unknown

Unfortunately, even if you manage to block the bad behavior that we know about, it won’t protect you against the unknown. Many of these devices come pre-rooted with alternative app stores and a rebranded version of Kodi that does not inspire confidence.

Rebranded Kodi with Android TV Box Malware
Rebranded Kodi App

They could easily contain payloads that target other devices on your local network or persistent malware that steals login credentials. No amount of monitoring is enough to say for sure that everything has been found and eliminated.

Android TV Box Alternative ROMs

One option would be to find a clean ROM and install it in place of the stock operating system. But unfortunately, this is easier said than done. All the resellers that offer flashable firmware images are content posting the files on Mega, Dropbox, or OneDrive. So if those files expire, they either don’t notice or don’t care. When you do find a ROM and figure out how to flash it onto your device, odds are good that you will end up right back where you started, core Java folder and all.

Should You Buy a Cheap / Generic Android TV Box?

So are these devices worth buying? Do they have any redeeming qualities? Unfortunately, no. Even though they advertise four gigs of RAM, only half of that will ever be usable, and the system properties seem to corroborate that. Many of them also advertise 4K or 8K playback yet the video above shows that they aren’t capable of rendering that.  False advertising at its best.


Your online activity is recorded by your government, Internet Service Provider, app/addon/IPTV devs and all websites through your identifying IP address

Stream anonymously by using Surfshark VPN

Your Current Identifying IP Address (digital fingerprint):


Surfshark backs their service with a 30-day money back guarantee

Use your account on unlimited devices & share with family members


Android TV Box Malware streaming device
Android TV Boxes on Amazon

One of the main concerns with these Android set-top boxes is their lack of security. Many of them come pre-rooted with alternative app stores and rebranded versions of Kodi, which could contain malware. In addition, the devices themselves are often made with subpar components and fake RAM, meaning they may not perform as advertised and could potentially engage in illicit activities on your network.

While there may be some limited use cases for these boxes, such as running custom firmware or as a project for advanced users, for most people they simply aren’t worth the risk. With affordable and reliable Android TV Alternatives, there are better options available for streaming your favorite content without putting your privacy and security at risk.

How to Know a Bad Android Box When You See One

This is pretty easy.

Only buy from reputable brands that you trust.  Examples of this include Google, MECOOL, Amazon, Onn, BuzzTV, Formuler, and Ugoos. Some may question the reliability of off-brands such as MECOOL, BuzzTV, Formuler, and Ugoos but its important to point out that these companies have been in business for a long time and have a large following. Yes, they could be engaging in these activities but I highly doubt it due to their ongoing security updates, and customer support.

If you don’t see a recognizable brand attached to one of these Android TV Boxes then stay away!

Can You Continue Using Your Generic Android TV Box?

If you’re still using one of these sketchy devices, I would suggest replacing it with a reliable one and you can find our link to the Best Android TV Boxes below.

If you’re going to continue using your cheap Android TV Box, I would ensure that you have activated the CleanWeb option within Surfshark VPN as this blocks malware that can enter the system.

Activate Surfshark Cleanweb
Surfshark VPN CleanWeb Malware Blocker

I would also suggest refraining from logging into important accounts on these Android boxes such as Google or any account that holds sensitive information. You can always use 3rd party app stores that don’t require a username/password for installing your favorite apps.

Recommended Android TV Boxes

The main reason people purchase these off-brand Android TV Boxes is because of the low price.

Here’s our updated list of the best Android TV Boxes and we have a section for both budget friendly and premium systems.

Best Android TV Boxes

This page includes affiliate links where TROYPOINT may receive a commission at no extra cost to you. Many times, visitors will receive a discount due to the special arrangements made for our fans. Learn more on my Affiliate Disclaimer page.

12 thoughts on “Android TV Box Malware – The Dangers of Cheap Streaming Boxes”

  1. Just a quick question.
    I purchased a cheap android box and my antivirus thinks there is malware in the boot partition within the settings. I thought this could be a false positive because the box, similar to your article, uses a non certified Android software

    Do I use a packet sniffer to determine if I am safe?

    antivius won’t remove it and I’m using a vpn 100% all the time. I also use a dummy Gmail account on the box

  2. I bought a MUVIP streaming box and installed Kodi 20 on it. I bought it because it seemed like it was going to be fast and more flexible to configure. I haven’t been all that pleased with the purchase. Does anyone else have one of these and what do you think of it?

  3. You just reviewed the .onn walmart device, so its difficult to listen to your warning to beware of cheap streaming boxes. Lol.

    1. There’s a difference between cheap and inexpensive. I can promise you that Onn is not distributing devices with malware. Onn is one of the biggest tech merchandisers for Walmart. LOL is right.

      1. Neither the article or the video attached to it really explained how to identify between the cheap and inexpensive. Maybe you should ask the guy in the video to test the .onn device. The review on it are pretty awful.

        1. In the article above I tell people to stay away from no-name devices. If it isn’t a reputable seller such as Onn, Google, MECOOL, Amazon, Tivo, BuzzTV, Formuler, stay away.

          1. Troy, is there a way to join your Patreon channel by using the CashApp instead of paying by CC? I’d be happy to donate, but just didn’t want to put it on a card.

          2. I have a 6 year old unit (that still actually works!) that I really should check to see what it is actually doing inside. The thing that scares me though is harvesting our data seems to have become such a god given right to virtually every company out there that I really think we need to sniff the mainstream offerings as well for these issues.

        2. What did they compare it to? The onn device works great as a simple streaming box. Reviewers tend to compare everything to a Shield Pro. Of course a $250 device is going to out perform a $20 one. They’re essentially comparing a Bently to a Kia. They both function as a car but one is much more powerful and luxurious, and it shows in the price. I have a lot of customers who are happy with their $20 onn device.

Leave a Comment

Your email address will not be published. Required fields are marked *

Save 86% on Surfshark VPN + 3 Free Months