Report: malware came pre-installed on a Chinese-made machine bought from a Chinese online shop, hidden cleverly enough that scanning the control software alone does not find it



A story has been published by a buyer who purchased a small pick-and-place machine from the Chinese online shopping site 'AliExpress', which also operates services in Japan, found that malware had been installed on it from the beginning, and could not get any response from AliExpress.

Zheng Bang ZB3245TSS Pick & Place Machine --Custom Electronics, PWM Circuits, Induction Heating, and DIY Science Projects
https://www.rmcybernetics.com/general/zhengbang-zb3245tss-pick-place-machine

In December 2021, RMCybernetics, a British electronic component sales site that handles DIY products, purchased the pick-and-place machine 'ZhengBang ZB3245TSS' from AliExpress for use in small-lot production of products and development of prototypes. The price excluding import tax was about 4000 pounds (about 615,000 yen).



Most of the OS and bundled software was in Chinese, but the main control software was in English, so RMCybernetics was able to set up the ZhengBang ZB3245TSS for use without any problems. However, assuming that some kind of failure would occur due to a bug or defect peculiar to a product made in China, RMCybernetics backed up the control software to a USB memory. As soon as that USB memory was connected to a PC, the antivirus software started and issued a warning.

The antivirus software logs showed that the file in question was 'FlyerSMT_HV.exe', the main OS of the ZhengBang ZB3245TSS.

To check for the possibility of a false positive, RMCybernetics ran a batch check with VirusTotal, where 53 antivirus products judged the file to be malware. At the time of writing the article, that number had increased from 53 to 60.



Subsequent detailed analysis revealed that the malware in the control software had the ability to collect and send user data. RMCybernetics speculates that it was 'made to steal design and corporate information.'

When RMCybernetics contacted the manufacturer, Zhengbang, about this, the company's support said that the antivirus detection was a false positive and there was no need to worry. The new control software that Zhengbang then sent was indeed not detected as malware.

However, when RMCybernetics overwrote the malware-infected control software with the new control software and tried again, the antivirus software started again and issued a warning. Suspecting that malware other than the software on the USB memory might be present, RMCybernetics disassembled the machine and scanned the PC built into it with multiple antivirus products. That scan found further malware there too, including one that causes a Trojan to be downloaded.



The malware on the machine side made a hidden copy of the malware-containing executable file on the USB memory and then repackaged the malware, so that it was cleverly concealed.

RMCybernetics reported this to AliExpress, but AliExpress took no action other than answering that it was not a violation of the rules. Regarding this, RMCybernetics said, 'Even if it does not violate AliExpress policy, it is a criminal act that intentionally gains unauthorized access to a PC using malicious software, which is a criminal act that violates British law. There seems to be no intention to prevent the illegal sale of the machine.'

In the end, RMCybernetics installed its own OS on the machine, making it possible to use the ZhengBang ZB3245TSS safely with control software that is not infected with malware.

in Hardware, Security, Posted by log1l_ks