nmap -Pn 192.168.0.0/16 -p 5555

Now that it's publicly known I guess it's possible that they will close the door post-infection to avoid detecton. And it won't detect any other devices it's spread further to.

If you have a cheapo Android-based TV box or stick like the ones mentioned, throw it out or reflash it with Armbian after forensics.

I'm sure there are HN readers out there who have one of these. They were very popular a couple of years back.

I mean, maybe. More likely imo you're paying for the absolute cheapest hardware and fastest never-updated software someone could throw together and make _any_ profit on. Someone probably had 100k shitty little chips sitting in a warehouse and this was a way to do something with them.

The outcome is really the same, it's just the steps to get there are more human nature.

How is this different from buying hardware and software from big market players?

Why it's not obvious to every Senator and Representative in our Government is frustrating to an extreme.

We really do need to end our enhance our trade protections one way or another.

I mean, it's pretty obvious the services are paid piracy. But it's got to cost something to pull VOD movies from wherever and serve them with an http server limited at 8 mbps even for content that exceeds that. Obviously someone doesn't want the content they stole to be easy to steal... too bad you can't reasonably play it either. :P

Fucking everyone is spying. I started downloading and decrypting apps from the App Store. It’s a god damn nightmare. Random apps are storing keys in the keychain (thanks expo!) that never leave our apple account. They follow us forever. You can’t delete them. Well.. there’s one way but it involves backing up your phone, putting it in recovery mode, and restoring from backup.

You can look around for something like device isolation, but I doubt you'll find it unless you go a couple of steps up from whatever router ISPs ~give away these days.

you can however isolate with vlans and a vlan capable switch, then it would be on the router to isolate traffic between lans (I do exactly this for my less trusted virtual machines)

Some (even cheap) unmanaged switches have a "vlan" or "isolation" switch that does exactly that, where only one or two "uplink" or "wan" ports can talk to the rest. If you have a managed switch, vlans is what most people would use for isolation.

On the software side you could also assign /32 IPv4 addresses only and add explicit ip route for the router only.

Also, is there a better word than ad fraud? It needs an innocuous sounding euphemism like pretty much everything else involving that industry has. “Monetizing ad display”? “User-agent driven conversions?”

You can buy a better one that does not have malware installed. So these are complete and total garbage and no sane person should run them under any circumstance. Sounds like you have a bias which has prevented you from thinking about this clearly.

Just don't run code you download from the internet or put your passwords to important accounts into cheap devices and you'll be fine. Normally people don't the the former, but sometimes do the latter.

edit: To be clear: the bitterness in this comment comes from how many developers assume loopback is secure. However, most website are allowed to send requests to local ports on your computer (IIRC) so that assumption is basically completely false. This is forgivable, except in a world where every developer runs tons of extensions/scripts/open-source apps, and have next-to-zero blast-radius-reduction methods, it makes me sad.

14 emelia terrace west roxbury ma 02132 . su

As for your assumption the OP talks about how it uses residential proxies to get into lans, I don’t think it is a supply chain attack.